The "Add Link to Facebook" plugin for WordPress, up to and including version 2.3, is vulnerable to cross-site scripting (XSS) via the al2fb_facebook_id parameter to wp-admin/profile.php.
Vulnerable Product |
---|
add link to facebook project add link to facebook |