The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
1. Go to /wp-admin/admin.php?page=ee-simple-file-list&tab=settings
2. Scroll to “File List Display”.
3. In “File Description” insert the payload " onfocus="alert(1)".
4. Save and an XSS alert will be triggered when clicking on the “File Description” field after saving.

The same attack can be used against the other text fields on the page.
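The attribute breakout behind the steps above, shown next to the escaped form, as an added example that is not the plugin's code. The field name `file_description` and the render functions are hypothetical, and the `function_exists` fallbacks are simplified stand-ins for WordPress core's `esc_attr()` and `sanitize_text_field()` so the script also runs outside WordPress.

```php
<?php
// Added example, not Simple File List source. Names below are hypothetical.

// Stand-ins used only when WordPress is not loaded (assumption: simplified).
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    // Approximation: strips tags and collapses whitespace, leaves quotes alone.
    function sanitize_text_field($text) {
        return trim(preg_replace('/\s+/', ' ', strip_tags((string) $text)));
    }
}

// Vulnerable pattern: a stored setting echoed into an attribute unescaped.
function render_field_unsafe($value) {
    return '<input type="text" name="file_description" value="' . $value . '">';
}

// Hardened pattern: escape for the attribute context at output time.
function render_field_safe($value) {
    return '<input type="text" name="file_description" value="' . esc_attr($value) . '">';
}

// Attribute names an HTML parser extracts from the rendered <input> tag.
function parsed_attributes($html) {
    libxml_use_internal_errors(true); // tolerate the malformed unsafe markup
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Payload from the steps above. Tag stripping on save does not change it,
// because it contains no tags, only quotes.
$stored = sanitize_text_field('" onfocus="alert(1)"');

echo 'unsafe: ', implode(', ', parsed_attributes(render_field_unsafe($stored))), "\n";
echo 'safe:   ', implode(', ', parsed_attributes(render_field_safe($stored))), "\n";
```

Comparing the two attribute lists shows whether the stored value stayed inside `value` or was parsed as an extra event-handler attribute.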
| CPE | Name | Operator | Version |
|---|---|---|---|
| | simple-file-list | lt | 6.0.10 |