The plugin does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Edit a user via the plugin's feature (/wp-admin/admin.php?page=vgse-bulk-edit-user), add the following payload in the Login Column, then save: "><img src onerror=prompt(/XSS/)> The XSS will be trigged when opening the Edit Users page again
Ankur Bakre
Ankur Bakre
Yes
2022-04-19 (about 2 months ago)
2022-04-19 (about 2 months ago)
2022-04-19 (about 2 months ago)