CVEs-PoC/2016/CVE-2016-10865.md

CVE-2016-10865

Description

The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.

POC

Reference

• https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/

Github

• https://github.com/20142995/nuclei-templates
• https://github.com/ARPSyndicate/cvemon