Proofreading < 1.1 - Reflected XSS

2023-10-2400:00:00

wpscan.com

reflected xss

sanitisation

escape

high privilege users

admin

software

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

References

patchstack.com/database/vulnerability/proofreading/wordpress-proofreading-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/proofreading/proofreading-1011-reflected-cross-site-scripting