Thursday, 20 December 2012

[EN] Google Analytics for WordPress 4.2.8 XSSed

Google Analytics for WordPress (4.2.8) is vulnerable to cross-site scripting.

In wp-admin/options-general.php?page=google-analytics-for-wordpress page
go to "Internal Links to Track as Outbound" and as a 'Internal links to track as outbound'
form, type your XSS code.

'Label to use' form is also vulnerable. Both are persistent.

No comments:

Post a Comment

What do You think...?