The plugin does not validate or escape one of its shortcode attributes before outputting it, which could allow users with a role as low as Contributor to perform a Stored Cross-Site Scripting attack.
1. Add a product item to the plugin. The item name, for example, `first`, is also used in the shortcode.
2. Exploit shortcode: `[button_to_cart item='first' value='SUBMIT" onmouseover="alert(1)" style="border:5px solid red;"']`
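As an added illustration (not the plugin's own code), the following hypothetical WordPress shortcode handler shows the pattern the advisory describes, an attribute value interpolated straight into HTML, next to a hardened version that escapes each value for the attribute context it lands in. The function names, the shortcode tag `example_button` and the attribute names are assumptions.

```php
<?php
// Added example, not code from the affected plugin. Names are hypothetical.

// Vulnerable pattern: attribute values are concatenated into HTML unescaped.
// shortcode_atts() only fills in defaults; it does not sanitize anything, so a
// value containing a double quote can close the attribute and inject new ones.
function example_button_vulnerable( $atts ) {
    $atts = shortcode_atts(
        array( 'item' => '', 'value' => 'Add to cart' ),
        $atts,
        'example_button'
    );
    return '<input type="submit" name="' . $atts['item'] . '" value="' . $atts['value'] . '">';
}

// Hardened pattern: normalise the input, then escape every value with esc_attr()
// at the point it is written into an HTML attribute. esc_attr() encodes the
// quote characters, so the value can no longer terminate the attribute.
// Because only 'item' and 'value' are declared, shortcode_atts() drops any
// other attribute (such as style or an event handler) supplied by the author.
function example_button_hardened( $atts ) {
    $atts = shortcode_atts(
        array( 'item' => '', 'value' => 'Add to cart' ),
        $atts,
        'example_button'
    );
    // Strip tags, control characters and surrounding whitespace from the name.
    $item  = sanitize_text_field( $atts['item'] );
    $value = sanitize_text_field( $atts['value'] );
    return sprintf(
        '<input type="submit" name="%s" value="%s">',
        esc_attr( $item ),
        esc_attr( $value )
    );
}

// Register the hardened handler; the vulnerable one is shown only for contrast.
add_shortcode( 'example_button', 'example_button_hardened' );
```

The fix is context-specific: `esc_attr()` is correct for values inside an HTML attribute, while a value written into element text would need `esc_html()` and a URL would need `esc_url()`. Escaping at output time, rather than trusting that the stored value was clean, is what closes the Contributor-to-viewer path the advisory describes.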
| CPE | Name | Operator | Version |
|---|---|---|---|
| | usc-e-shop | lt | 2.8.9 |