The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields.
- Create a page A - Add a custom field containing JS in Page A - Create page B - add shortcode to page B: [insert page="page_A_slug" display="all"]
Francesco Carlucci
Francesco Carlucci
Yes
2021-10-18 (about 7 months ago)
2021-10-18 (about 7 months ago)
2022-04-16 (about 1 months ago)