WordPress Plugin Vulnerabilities
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting
Proof of Concept
On a page where the "Capture box | Rock Convert" widget is present, append ?"><script>alert(/XSS/)</script>, e.g: https://example.com/?"><script>alert(/XSS/)</script>
Affects Plugins
Fixed in version 2.11.0
References
Classification
Miscellaneous
Original Researcher
José Ricardo
Submitter
José Ricardo
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-10-10 (about 7 months ago)
Added
2022-10-10 (about 7 months ago)
Last Updated
2022-10-10 (about 7 months ago)