CVE-2017-9419: WordPress WP Custom Fields Search v.0.3.28 Reflected Cross-Site Scripting (XSS)

Identification Date: 11/06/2017
Vendor Homepage: http://www.webhammer.co.uk/wordpress#tab-wp-custom-fields-search
Software Link: http://wordpress.org/plugins/wp-custom-fields-search/

Description

This version of the WP Custom Fields Search plug-in is vulnerable to a Reflected Cross-Site Scripting vulnerability in the “cs-all-0” parameter due to the lack of proper input handling of the user’s data. An attacker can execute arbitrary JavaScript using a specially crafted URL. Thus, when the victim clicks…
