[-] Title : WordPress Plugin Prismatic 2.3 - Cross-Site Scripting
[-] Author : MEHRAN_FEIZI
[-] Vendor : https://wordpress.org/plugins/prismatic/
[-] Tested on : Windows
[-] Category : Webapps
[-] Date : 2020-02-20
=====================================================================================================
Vulnerable page :
prismatic/inc/settings-display.php
======================================================================================================
Vulnerable Source :
35: echo $tab_active;
27: $tab_active = isset($_GET['tab']) ? sanitize_text_field($_GET['tab']) : 'tab1';
=======================================================================================================
POC :
http://localhost/wp-content/plugins/prismatic/inc/settings-display.php?tab=[XSS]
=======================================================================================================
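Mitigation sketch (an added example, not the plugin's code and not from the advisory author): sanitize_text_field() on line 27 filters input but is not an output escaper, so the value echoed on line 35 should be restricted to known tab names and escaped where it is printed. The function names and the tab names other than 'tab1' are assumptions; htmlspecialchars() stands in for WordPress's esc_attr()/esc_html() so the block runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. Tab names other than 'tab1' are constructed.
declare(strict_types=1);

const EXAMPLE_ALLOWED_TABS = ['tab1', 'tab2', 'tab3'];

/**
 * Resolve the active tab from query parameters (pass $_GET in real use).
 * Anything that is not an exact allowlist match falls back to 'tab1'.
 */
function example_active_tab(array $query, array $allowed = EXAMPLE_ALLOWED_TABS): string
{
    $raw = $query['tab'] ?? 'tab1';
    // Arrays (?tab[]=x) and other non-strings are rejected, not cast.
    if (!is_string($raw)) {
        return 'tab1';
    }
    return in_array($raw, $allowed, true) ? $raw : 'tab1';
}

/**
 * Escape at the point of output. Inside WordPress use esc_attr()/esc_html();
 * htmlspecialchars() with ENT_QUOTES is the plain-PHP stand-in used here.
 */
function example_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a valid tab, an unknown value, markup characters, an array, no parameter.
$samples = [
    ['tab' => 'tab2'],
    ['tab' => 'nonexistent'],
    ['tab' => 'a"b<c>'],
    ['tab' => ['tab1']],
    [],
];

foreach ($samples as $query) {
    $tab = example_active_tab($query);
    // Only 'tab2' survives; every other sample resolves to the default 'tab1'.
    printf("%-28s => %s\n", json_encode($query), example_escape($tab));
}
```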
************************
* ==> Contact :
* Telegram : @MF0584
* Email : mehranfeizi13841384@gmail.com
************************