CVE-2019-14470

Published: 04/09/2019 Updated: 05/09/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin up to and including 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

Vulnerable Product

instagram-php-api project instagram-php-api -

userproplugin user pro

Exploits

# Exploit Title: UserPro <= 4.9.32 Reflected XSS
# Google Dork: intitle:"Index of" intitle:"UserPro" -uploads
# Date: 25 August 2019
# Exploit Author: Damian Ebelties (zerodayslol/)
# Vendor Homepage: codecanyon.net/item/userpro-user-profiles-with-social-login/5958681
# Version: <= 4.9.32
# Tested on: Ubuntu 18.04.1
# CVE: CV ...

WordPress UserPro versions 4.9.32 and below suffer from a cross-site scripting vulnerability ...