better-wordpress-recaptcha Better WordPress reCAPTCHA <= 2.0.3 – Unauthenticated Cross-Site Scripting (XSS)
There is a reflected XSS vulnerability in Better WordPress reCAPTCHA plugin version 2.0.3, and possibly below.

The parameter cerror value is reflected in the page when this plugin is enabled. Once plugin disabled, the "cerror" parameter's value is not reflected in the page anymore.

This is the HTML source code:

<input id="url" name="url" type="url" value="" size="30" maxlength="200" /></p>
<p class="bwp-recaptcha-error error">Unknown error (\"><iMg src=N onerror=alert(9)>). Please contact an administrator for more info.</p>

SEO News and More

SEO News and More

Share This