cve/2013/CVE-2013-3526.md

CVE-2013-3526

Description

Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter.

POC

Reference

• http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html
• http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html

Github

• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/d4n-sec/d4n-sec.github.io