WordPress Stafflist 3.1.2 Cross Site Scripting

CVE Category Price Severity
CVE-2021-24407 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-05-03

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

WordPress Stafflist 3.1.2 Cross Site Scripting
# Exploit Title: WordPress Plugin stafflist 3.1.2 - Reflected XSS (Authenticated)
# Date: 05-02-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage:
# Version: 3.1.2
# Tested on: Firefox
# Contact me: h [at]

# Summary:

A cross site scripting reflected vulnerability has been identified in
WordPress Plugin stafflist version less then 3.1.2. that allows
unauthenticated users to run arbitrary javascript code inside
WordPress using Stafflist Plugin.



# Vulnerable Parameters

p and s parameters are vulnerable.

# Vulnerable Code:

$html = ($cur > 1 ? "<p class='pager'><a
</a></p>" : ""); //<

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.