The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Put the following payload in the Sharing Header setting of the plugin: <svg onload=alert(/XSS/)> Then go to any page in the frontend to trigger the XSS
Asif Nawaz Minhas
Asif Nawaz Minhas
Yes
2021-08-09 (about 1 years ago)
2021-08-09 (about 1 years ago)
2022-08-02 (about 11 days ago)