Google Analytics for WordPress (4.2.8) is vulnerable to cross-site scripting.
In wp-admin/options-general.php?page=google-analytics-for-wordpress page
go to "Internal Links to Track as Outbound" and as a 'Internal links to track as outbound'
form, type your XSS code.
'Label to use' form is also vulnerable. Both are persistent.
No comments:
Post a Comment
What do You think...?