CVE-2019-14470 Scanner
CVE-2019-14470 scanner - Cross-Site Scripting (XSS) vulnerability in UserPro plugin for WordPress
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
URL
Toolbox
-
UserPro is a plugin for WordPress that allows website owners to create a community or a membership site. This plugin provides a user-friendly interface that is suitable for users who have no programming experience but want to add advanced features to their WordPress website. UserPro provides features such as user management, the ability to create custom login/registration forms, social media integration, and custom profile fields. The plugin is heavily relied upon by WordPress users because of its ease of use and customization possibilities.
However, a vulnerability in the UserPro plugin was discovered in CVE-2019-14470. This vulnerability is related to the Instagram PHP API (aka cosenary Instagram-PHP-API) used within the UserPro plugin. The error_description parameter of example/success.php file in the API is not properly validated, resulting in an XSS (cross-site scripting) vulnerability. This vulnerability allows attackers to execute harmful scripts on the website, stealing user data and compromising the security of the website.
When this vulnerability is exploited, it can lead to dire consequences for website owners and users. Attackers can steal sensitive data such as usernames, passwords, and personal information, among other things. Hackers can use this information for malicious purposes, including identity theft, blackmail, or fraud. Additionally, the attackers can take full control of the website and perform any actions they desire on it, eventually causing loss of data or even stealing confidential information such as credit card information, among others.
In conclusion, it is important to be aware of the vulnerabilities present in digital assets and take the necessary precautions to protect them. The s4e.io platform offers pro features that can quickly and easily inform website owners about the vulnerabilities present in their digital assets. So, if you're a website owner who values the security of their digital assets, s4e.io is the right platform to help you in monitoring the security of your digital assets.
REFERENCES
