30 Nov 2021

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Contact Form With Captcha

With a claim from Wordfence that there is a cross-site request forgery to reflected cross-site scripting vulnerability in the plugin Contact Form With Captcha, things don’t really make sense. Here is how they described it:


10 Nov 2021

Vulnerability Details: Reflected Cross-Site Scripting (XSS) in Booking Package

Today the JVN released a report for a cross-site scripting (XSS) vulnerability in the WordPress plugin Booking Package credited to “Gen Sato of Mitsui Bussan Secure Directions, Inc.”, which is described as impacting “versions prior to 1.5.11” and involving “handling some URL query parameters.”


26 Oct 2021

Reflected Cross-Site Scripting (XSS) Vulnerability in Quiz And Survey Master

Yesterday, the WordPress plugin Quiz And Survey Master was closed on the WordPress Plugin Directory. Because it is one of the 1,000 most popular plugins in that directory (it has 40,000+ installs), our systems warned us about the closure, and we started checking over the plugin to see if there was a vulnerability we should be warning customers of our service about if they are using the plugin.

In June, while looking into the possibility that there had been a vulnerability fixed in the plugin, we found a fairly serious vulnerability in the plugin, so the poor quality of the security we found this time wasn’t surprising. While we didn’t quickly find a serious vulnerability, we did easily confirm that there is a reflected cross-site scripting (XSS) vulnerability that currently exists in the plugin.