The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
1. Click the ‘Settings’ button of this plugin. 2. Enter the following value in all the input box: 123’" onmouseenter=“alert(/XSS/)” '. 3. Click the ‘Save Changes’ button on the page. 4. Refresh or re-enter the page and move the mouse over the input box to get the XSS trigger.
CPE | Name | Operator | Version |
---|---|---|---|
paypal-donations | lt | 1.9.9 |