mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-25 04:24:05 +02:00
0xMarcio
853 B
853 B
CVE-2022-0321
&color=brighgreen)
Description
The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue
POC
Reference
Github
No PoCs found on GitHub currently.