The plugin does not sanitize and escape some imported data, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
- Make a test form and then export it to your system.
- Edit the file and enter an XSS payload like "<img src=x onerror=alert('XSS')" inside the title object in the JSON file.
- Go back to the import/export tab and notice that the payload was executed.
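The two controls the description says are missing, shown as an added example that is not the plugin's code: imported strings are sanitized before storage and the title is escaped when rendered. The field names other than title, and the functions sanitize_import() and render_title(), are assumptions; plain PHP calls stand in for WordPress's sanitize_text_field() and esc_html() so the script runs outside WordPress.

```php
<?php
// Constructed sample of an exported form file; only "title" comes from the
// advisory, the remaining structure is an assumption.
$export = '{"title":"<img src=x onerror=alert(\'XSS\')","fields":[{"label":"Name"}]}';

// Import side: clean every string in the decoded structure before storing it.
// Inside WordPress, sanitize_text_field() is the usual call for plain-text fields.
function sanitize_import($value) {
    if (is_array($value)) {
        return array_map('sanitize_import', $value);
    }
    if (is_string($value)) {
        return trim(strip_tags($value));
    }
    return $value; // numbers, booleans and null pass through unchanged
}

// Output side: escape at the point of rendering, whatever the import did.
// Inside WordPress, esc_html() is the equivalent for HTML text nodes.
function render_title(array $form): string {
    $title = isset($form['title']) && is_string($form['title']) ? $form['title'] : '';
    return '<h2>' . htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

$data = json_decode($export, true);
if (!is_array($data)) {
    exit("Rejected: not a valid JSON export\n");
}

// Escaping alone turns the imported markup into inert text.
echo render_title($data), "\n";

// Sanitizing on import also keeps the markup out of storage, so other
// views that read the same record never receive it.
echo render_title(sanitize_import($data)), "\n";
```

Both layers matter because the capability check on unfiltered_html does not apply to data that arrives through a file import.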
Muhammad Adel
Yes
2022-06-10 (about 1 year ago)
2022-06-13 (about 1 year ago)
2023-03-13 (about 6 months ago)