CVE-2017-9288
MEDIUM NUCLEIRaygun4WP 1.8.0 - Reflected Cross-Site Scripting via sendtesterror.php backurl Parameter
Title source: llmExploitation Summary
CVE-2017-9288 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
Nuclei Templates (1)
WordPress Raygun4WP <=1.8.0 - Cross-Site Scripting
MEDIUMby daffainfo
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://github.com/MindscapeHQ/raygun4wordpress/issues/16
Third Party Advisory x_refsource_misc
https://wpvulndb.com/vulnerabilities/8836
Third Party Advisory x_refsource_misc
https://github.com/MindscapeHQ/raygun4wordpress/pull/17
Exploit, Third Party Advisory x_refsource_misc
http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html
Scores
CVSS v3
6.1
EPSS
0.0398
EPSS Percentile
89.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
raygun/raygun4wp
1.8.0
Published
May 29, 2017
Tracked Since
Feb 18, 2026