Access Control: WordPress PHPFreeChat 0.2.8 - Cross-Site Scripting¶
Identifier:
wp_phpfreechat_xss
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
WordPress PHPFreeChat 0.2.8 plugin contains a cross-site scripting vulnerability via the url parameter, allowing attackers to execute arbitrary scripts and steal cookie-based authentication credentials.
How we test: We test for XSS vulnerabilities in the WordPress PHPFreeChat plugin by injecting malicious payloads into the url parameter and analyzing responses to detect if scripts are executed in the browser.
Reference:
- https://www.exploit-db.com/exploits/37485
- http://web.archive.org/web/20210120061848/https://www.securityfocus.com/bid/54332/info
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.