Stored XSS On Wordpress Infogram plugin
Medium
I
Infogram
Submitted None
Actions:
Reported by
mondhers
Vulnerability Details
Technical details and impact analysis
Hello Team,
There is a Stored XSS Vulnerability On Wordpress Infogram plugin.
**Wordpress version : 4.5**
**Infogram plugin version : 1.5.1**
After installing wordpress and infogram plugin.
I created a project to infogram with the following name **"><img src=x onerror=prompt(0);>** and I Created a simple report.
Then I go back to my wordpress site to add an infogram graphic using **Add from infogram** Button.
a window opens with a pop up.
Best regards,
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Stored