Limited Black Friday Offer:

wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS) CVE-2018-11709 Scanner

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Short Info

Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

wpForo Forum <= 1.4.11 - Reflected Cross-Site Scripting (XSS) CVE-2018-11709 Scanner Detail

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html
https://wordpress.org/plugins/wpforo/#developers
https://wpvulndb.com/vulnerabilities/9090