CVE-2019-14470 – UserPro <= 4.9.34 - Reflected Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2019-14470

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. cosenary Instagram-PHP-API (también se conoce como Instagram PHP API V2), como es usado en el plugin UserPro versiones hasta 4.9.32 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del parámetro error_description del archivo example/success.php. WordPress UserPro versions 4.9.32 and below suffer from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/47304 http://packetstormsecurity.com/files/154206/WordPress-UserPro-4.9.32-Cross-Site-Scripting.html https://github.com/cosenary/Instagram-PHP-API/commits/master https://wpvulndb.com/vulnerabilities/9815 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •