Reflected cross-site scripting in DirectoriesPro by SabaiApps | The Missing Link

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

A reflected cross-site scripting (XSS) vulnerability in the WordPress SabaiApps DirectoriesPro plugin 1.3.45 allows remote attackers to inject arbitrary JavaScript or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with _drts_form_build_id parameter containing the XSS payload and _t_ parameter set to an invalid or non-existent CSRF token.

Successful exploitation of this issue may allow an attacker to perform unauthorised actions in the user’s security context.

Affected Versions

Discovered in: 1.3.45

Fixed Versions

Fixed in: 1.3.46

Latest News