Title: XSS bug found.
Last modified: August 21, 2016

---

# XSS bug found.

 *  [Hacked](https://wordpress.org/support/users/applemonz/)
 * (@applemonz)
 * [12 years, 1 month ago](https://wordpress.org/support/topic/xss-bug-found/)
 * Hi,
    I found a XSS bug in this plugin.
 * Step to reproduce.
 * 1:- Go to the Plugin settings.
 * 2:- Add the payload to the OAuth Token box.
 * 3:-Boom we will get the XSS.
 * Payload:- “><img src=x onerror=prompt(‘XSS’);>
 * [https://wordpress.org/plugins/bitly/](https://wordpress.org/plugins/bitly/)

The topic ‘XSS bug found.’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/bitly.svg)
 * [Official Bitly for WordPress](https://wordpress.org/plugins/bitly/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/bitly/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/bitly/)
 * [Active Topics](https://wordpress.org/support/plugin/bitly/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bitly/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bitly/reviews/)

## Tags

 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * 0 replies
 * 1 participant
 * Last reply from: [Hacked](https://wordpress.org/support/users/applemonz/)
 * Last activity: [12 years, 1 month ago](https://wordpress.org/support/topic/xss-bug-found/)
 * Status: not resolved