Hacker News
by squish101, 5146 days ago
Hi, just a heads up, I think your site has an XSS vulnerability, namely the parameter "s", common in the WordPress search function. To see it in action, try adding "/?s=aaa<script>alert(16354)<%2Fscript>" at the end.
1 comments
sgdesign, 5146 days ago
That didn't do anything for me. I'd hope WordPress escapes MySQL and JS code from query strings, that seems like a pretty big vulnerability…
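An added example, not part of the thread: one way for a site owner to settle the disagreement above is to look at how the search page's HTML actually reflects the `s` value, rather than relying on whether an alert fires in a given browser. The function name and the three sample response bodies are constructed for illustration; the probe value is the one quoted in the first comment.

```python
import html
import re
from urllib.parse import unquote

# Probe from the first comment, exactly as it appears in the query string.
PROBE_QUERY = "aaa<script>alert(16354)<%2Fscript>"

# Constructed response bodies (not captured from any real site).
SAMPLE_UNESCAPED = "<h1>Search results for: aaa<script>alert(16354)</script></h1>"
SAMPLE_ESCAPED = "<h1>Search results for: aaa&lt;script&gt;alert(16354)&lt;/script&gt;</h1>"
SAMPLE_STRIPPED = "<h1>Search results for: aaaalert(16354)</h1>"


def classify_reflection(body: str, raw_query_value: str) -> str:
    """Classify how a query value is reflected in an HTML response body.

    Returns the worst case found, in this order:
      'raw'      - value appears verbatim, so its markup is parsed by the browser
      'encoded'  - value appears with HTML metacharacters entity-encoded
      'stripped' - tags were removed and only the text content is reflected
      'absent'   - value is not reflected in any of these forms
    """
    value = unquote(raw_query_value)  # what the server sees after URL decoding

    # Check the dangerous case first: a page may reflect the value in several
    # places, and one unescaped copy is enough to make the page vulnerable.
    if value in body:
        return "raw"

    # Entity-encoded reflection, with and without quote encoding.
    encoded_forms = {html.escape(value, quote=True), html.escape(value, quote=False)}
    if any(form in body for form in encoded_forms):
        return "encoded"

    # Tag-stripping filters leave only the text between the tags.
    text_only = re.sub(r"<[^>]*>", "", value)
    if text_only and text_only in body:
        return "stripped"

    return "absent"


if __name__ == "__main__":
    for name, body in [("unescaped", SAMPLE_UNESCAPED),
                       ("escaped", SAMPLE_ESCAPED),
                       ("stripped", SAMPLE_STRIPPED)]:
        print(name, "->", classify_reflection(body, PROBE_QUERY))
```

Only the `raw` result indicates that the page emits the parameter without output encoding; `encoded` and `stripped` both explain a probe that "didn't do anything".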