
Exploit for WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting (CVE-2017-9288)

Description:

WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.

Nuclei Template

View the template here: CVE-2017-9288.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2017/CVE-2017-9288.yaml

References:

https://github.com/MindscapeHQ/raygun4wordpress/issues/16
https://wpvulndb.com/vulnerabilities/8836
http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html
https://nvd.nist.gov/vuln/detail/CVE-2017-9288
https://github.com/MindscapeHQ/raygun4wordpress/pull/17