Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS
Sitepress Multilingual CMS Plugin Unauthenticated Stored XSS
## FULL DISCLOSURE
#Product : Sitepress Multilingual CMS Plugin #Exploit Author : Rahul Pratap Singh #Version : 3.6.3 and Below #Home page Link : https://wpml.org/ #Date : 08/10/2018
Unauthenticated Stored XSS Vulnerability:
—————————————- Description: —————————————- “locale_file_name_en” parameter is not sanitized that leads to stored XSS.
—————————————- Vulnerable Code: —————————————-
—————…
View On WordPress











