vendor: Adminimize Plugin for WordPress
by:
CVSS: 7.5 (HIGH)
CWE-79: Cross-Site Scripting (XSS)
Product Name: Adminimize Plugin for WordPress
Affected Version From: 1.7.21
Affected Version To:
Patch Exists: NO
Related CWE:
CPE: a:adminimize_project:adminimize
Platforms Tested: WordPress (all platforms)
Cross-Site Scripting Vulnerability in Adminimize Plugin for WordPress
The Adminimize plugin for WordPress is prone to a cross-site scripting vulnerability. This vulnerability occurs due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and the execution of other attacks.
Mitigation:
To mitigate this vulnerability, users are advised to update to the latest version of the Adminimize plugin for WordPress. It is also recommended to implement input validation and sanitization techniques to prevent cross-site scripting attacks.