WordPress Plugin Vulnerabilities
ShortPixel Adaptive Images < 3.6.3 - Reflected XSS
Description
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin
Proof of Concept
https://example.com/?SPAI_VJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(/XSS/);%3E
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
dc11
Submitter
dc11
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-01-31 (about 1 years ago)
Added
2023-01-31 (about 1 years ago)
Last Updated
2023-02-03 (about 1 years ago)