Libsyn Publisher Hub <= 1.4.4 - Reflected XSS

2023-10-2500:00:00

wpscan.com

libsyn publisher hub

version 1.4.4

reflected xss

cross-site scripting

high privilege users

5.7 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

References

patchstack.com/database/vulnerability/libsyn-podcasting/wordpress-libsyn-publisher-hub-plugin-1-4-4-cross-site-scripting-xss-vulnerability

www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/libsyn-podcasting/libsyn-publisher-hub-144-unauthenticated-cross-site-scripting