The plugin does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Put the following payload in any of the plugin's settings with a text input: - v < 6.7.9 - "><script>alert(/XSS/)</script> - v < 6.8.0 - " onfocus=alert(/XSS/)// For example in "404 Redirect" > "Redirected to the local URL" > "The URL", "URI Access" > Create > "Enter URL" etc The XSS will be triggered when accessing the plugin setting again
Huy Nguyen
Huy Nguyen
Yes
2021-10-19 (about 7 months ago)
2021-10-19 (about 7 months ago)
2022-04-14 (about 1 months ago)