Access Control: Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
Identifier:
wordpress_zebra_form_xss
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
Zebra_Form PHP library versions 2.9.8 and earlier, as used by WordPress plugins, are affected by reflected cross-site scripting vulnerabilities via process.php.
How we test: We test WordPress plugins that use the Zebra_Form library for XSS vulnerabilities by injecting malicious payloads into process.php and analyzing the responses to detect whether scripts are reflected and executed in the browser.
Reference:
- https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
- https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
Configuration
Example
Example configuration:
Reference
skip
Type : boolean
Skip the test if true.