Solidres <= 0.9.4 - Multiple Reflected XSS

2023-03-1300:00:00

wpscan.com

solidres plugin

cross-site scripting

reflected xss

security vulnerability

admin privileges

0.001 Low

EPSS

Percentile

35.4%

JSON

The plugin does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PoC

Make a logged in admin open https://example.com/wp-admin/admin.php?page=sr-assets&filter;_city_listing="> https://example.com/wp-admin/admin.php?page=sr-reservations&filter;_customer_fullname=“>&filter;_guest_fullname=”>&filter;_checkin_from=“>&filter;_checkin_to=”>&filter;_checkout_from=“>&filter;_checkout_to=”> Other pages & parameters are affected

CPENameOperatorVersion
solidreseq*

CPE	Name	Operator	Version
	solidres	eq	*

0.001 Low

EPSS

Percentile

35.4%

JSON

Related for WPVDB-ID:C346FF80-C16B-4219-8983-708C64FA4A61