.. | |||
README.md | Loading last commit info... |
README.md
Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins
Proof of Concept
With the permalinks settings set to plain, as an unauthenticated user, open http://example.com/?bwpsitemap=%3Cimg%20src%20onerror=alert(/XSS/)%3E
The XSS will be triggered in the log dashboard of the plugin https://example.com/wp-admin/admin.php?page=bwp_gxs_stats