Exploits / Vulnerability Discovered : 2019-08-26 |
Type : webapps |
Platform : php
This exploit / vulnerability Wordpress plugin userpro 4.9.32 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
The WordPress plug-in 'UserPro' uses a Instagram library (Instagram PHP API V2 by cosenary) that
is vulnerable for Reflected Cross-Site Scripting (XSS).
There is more vulnerable code in 'UserPro' core, might release that later.
As of today (25 August 2019) this issue is unfixed.