The plugin does not sanitise and escape reviews, which could allow any authenticated users, such as Subscribers, to perform Stored Cross-Site Scripting attacks.
As a subscriber, submit a review (a page/post with the [ms_reviews] embed) with the following payload:

The XSS will be triggered when anyone (including an admin) views the page/post in the frontend.
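
The fix pattern for the flaw described above, as an added example that is not the ms-reviews plugin's code: review fields are sanitised when stored and escaped again for their output context when rendered. The function names, form field names, the `example_review` meta key and the `[example_reviews]` shortcode are assumptions made for illustration.

```php
<?php
// Added example: hypothetical review handlers, not the ms-reviews plugin's code.
// Assumed names: example_save_review(), example_render_reviews(), the
// 'example_review' meta key, the form fields and the [example_reviews] shortcode.

// Store time: reduce every submitted field to plain text before saving.
function example_save_review( $post_id ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'auth', 'Login required' );
    }
    // The nonce ties the submission to a form this site rendered for this post.
    $nonce = sanitize_text_field( wp_unslash( $_POST['example_review_nonce'] ?? '' ) );
    if ( ! wp_verify_nonce( $nonce, 'example_review_' . $post_id ) ) {
        return new WP_Error( 'nonce', 'Invalid request' );
    }
    $review = array(
        'author' => get_current_user_id(),
        // sanitize_text_field() strips tags and collapses whitespace.
        'title'  => sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ),
        // The textarea variant also strips tags but keeps line breaks.
        'body'   => sanitize_textarea_field( wp_unslash( $_POST['body'] ?? '' ) ),
        // Ratings are forced into the integer range 1..5.
        'rating' => min( 5, max( 1, absint( $_POST['rating'] ?? 0 ) ) ),
    );
    // add_post_meta() expects slashed data, so re-slash the cleaned values.
    return add_post_meta( (int) $post_id, 'example_review', wp_slash( $review ) );
}

// Render time: escape each field for the context it lands in, even though it
// was sanitised on the way in (older rows may predate the sanitising code).
function example_render_reviews() {
    $out = '<ul class="example-reviews">';
    foreach ( get_post_meta( get_the_ID(), 'example_review' ) as $review ) {
        if ( ! is_array( $review ) ) {
            continue; // Skip rows that are not in the expected shape.
        }
        $user = get_userdata( (int) $review['author'] );
        $out .= sprintf(
            '<li data-rating="%s"><strong>%s</strong> (%s)<p>%s</p></li>',
            esc_attr( $review['rating'] ),                    // attribute context
            esc_html( $review['title'] ),                     // HTML text context
            esc_html( $user ? $user->display_name : '' ),
            nl2br( esc_html( $review['body'] ) )              // escape first, then add <br>
        );
    }
    return $out . '</ul>';
}
add_shortcode( 'example_reviews', 'example_render_reviews' );
```

Escaping at render time is the control that protects viewers such as administrators; the store-time sanitising only limits what reaches the database.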
CPE

Name | Operator | Version |
---|---|---|
ms-reviews | eq | * |