Wordpress Profile Builder Plugin: Stored XSS - Spentera Blog

WordPress Profile Builder Plugin: Stored XSS

by f3ci / March 10, 2017

Simple stored Cross Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below.
This is just a PoC example, just fill in the minimum password length field with


After we save the changes, the injected JavaScript executed successfully. This indicates that the plugin has a stored XSS vulnerability.


Leave a Comments

Your email address will not be published. Required fields are marked *