WordPress Plugin Vulnerabilities
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting
Proof of Concept
On a page where the "Capture box | Rock Convert" widget is present, append ?"><script>alert(/XSS/)</script>, e.g: https://example.com/?"><script>alert(/XSS/)</script>
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
José Ricardo
Submitter
José Ricardo
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-10-10 (about 1 years ago)
Added
2022-10-10 (about 1 years ago)
Last Updated
2022-10-10 (about 1 years ago)