WP Site Protect 1.0 – Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The wp-site-protect allows to protect the access to a wordpress website with a global password. Passwords can be randomly generated or manually set, the "password" field is not properly sanitized, allowing some XSS in different views of the plugins in the administration section.

It seems that the author has not yet updated the plugin version on the WordPress plugins' website.

Affects Plugins

wp-site-protect

No known fix

References

URL

https://github.com/vaurdan/wp-site-protect/commit/aee26df15319e69a03f16e778ef7c862341a83dc

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

Julien Egloff (Synacktiv)

Submitter website

https://www.synacktiv.com/en/

Verified

No

WPVDB ID

bbd185c7-cecf-4868-86e9-f83bcb2ccefe

Timeline

Publicly Published

2017-12-19 (about 8 years ago)

Added

2018-03-19 (about 8 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2023-07-13

Title

Dovetail <= 1.2.13 - Admin+ Stored Cross-Site Scripting

Published

2015-10-27

Title

NextGEN Gallery < 2.1.10 - Multiple XSS

Published

2024-10-29

Title

Ultimate TinyMCE <= 5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-01-13

Title

SearchWiz <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

Published

2023-06-05

Title

KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting