WebP Express <= 0.14.4 - Authenticated Stored XSS

2019-06-26T00:00:00
ID WPVDB-ID:19DF4F3E-BBE4-4260-9218-F8FD161220C7
Type wpvulndb
Reporter Akash Labade
Modified 2020-09-22T07:28:37

Description

Edit - WPScanTeam: The reported issue has been fixed in 0.14.5. Other sanitisation checks have been implemented in newest versions (such as 0.14.6 and 0.14.8) while the plugin was closed, so the fixed in is set to 0.14.8

PoC

Video POC : https://drive.google.com/file/d/1TtiTruCEGGg3U7LDC10gacvNfbGku6Gi/view?usp=sharing