wpexploit | Shivam Rai | WPEX-ID:D72275BD-0C66-4B2A-940D-D5256B5426CC
Sep 15, 2021 - 12:00 a.m.

Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting


EPSS: 0.001 (Low), Percentile: 24.8%

The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.

Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "><script>alert(/XSS/)</script>
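
The flaw described above and the fix pattern for it, as an added example; this is not the Shared Files plugin's code. The function and field names are hypothetical, and htmlspecialchars() stands in for WordPress's esc_attr() so the file runs without WordPress loaded.

```php
<?php
// Added example, not the plugin's source. All function and field names
// are hypothetical. htmlspecialchars() stands in for esc_attr().

// Constructed sample: the value from the proof of concept, as it would be
// stored in a plugin setting.
$stored = '"><script>alert(/XSS/)</script>';

// Vulnerable pattern: the setting is concatenated into an attribute as-is,
// so the leading "> closes value="..." and the rest is parsed as markup.
function render_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Hardened output: escape for the attribute context at the point of output.
function render_safe(string $name, string $value): string {
    $attr = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="' . $attr($name)
         . '" value="' . $attr($value) . '">';
}

// Hardened input: validate each setting against what it is meant to hold
// before it is saved. A size limit is a non-negative integer.
function sanitize_max_size(string $raw): int {
    $n = filter_var($raw, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 0]]);
    return $n === false ? 0 : $n;
}

// A folder name is limited here to a conservative character set; the exact
// allow-list is an assumption made for this example.
function sanitize_folder(string $raw): string {
    return preg_match('#\A[A-Za-z0-9_/-]{1,128}\z#', $raw) === 1 ? $raw : '';
}

// Same stored value, rendered both ways.
echo render_unsafe('max_size', $stored), "\n"; // attribute is broken out of
echo render_safe('max_size', $stored), "\n";   // payload stays inside value

// Validation on save: the payload is rejected, ordinary values pass.
var_dump(sanitize_max_size($stored), sanitize_folder($stored));
var_dump(sanitize_max_size('20'), sanitize_folder('uploads/shared'));
```

In a WordPress plugin the output escape would be esc_attr(), and absint() is the usual way to store an integer setting. Escaping at output is the fix for the issue as described; validation on save is defence in depth.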
