Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WordPress Plugin WPML Version < 4.6.1 Cross-Site Scripting" module is designed to detect a vulnerability in the WPML plugin for WordPress. WPML is a popular plugin used for multilingual websites. This module specifically targets versions of WPML that are older than 4.6.1. The severity of this vulnerability is classified as medium.
If exploited, this vulnerability allows an attacker to inject malicious scripts into the WPML plugin, potentially leading to unauthorized access, data theft, or other malicious activities. This can compromise the security and integrity of the affected WordPress website.
The module works by sending a GET request to the "/wp-login.php?wp_lang=en_US%27" path of the WordPress website. It then checks the response for specific conditions to determine if the vulnerability exists.
The matching conditions for this module are as follows:
- The response status code must be 200. - The response body must contain the words "#039;\"=" and "wpml_lang".If both conditions are met, the module flags the vulnerability and triggers the specified action, which is to report the vulnerability.