WordPress Plugin Vulnerabilities
Custom Base Terms < 1.0.3 - Admin+ Stored XSS
Description
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Proof of Concept
The options in the plugin settings are vulnerable to the following XSS payload: `"><script>alert(1)</script>` Enter the PoC in any of the settings and reload to see the XSS.
Affects Plugins
Fixed in version 1.0.3
References
Classification
Miscellaneous
Original Researcher
Ilyase Dehy and Aymane Mazguiti
Submitter
Aymane Mazguiti
Verified
Yes
Timeline
Publicly Published
2023-05-22 (about 4 months ago)
Added
2023-05-24 (about 4 months ago)
Last Updated
2023-05-24 (about 4 months ago)