WordPress Plugin Vulnerabilities
Sola Support Ticket <= 3.12 - XSS & Configuration Change
Description
Any logged in user with any role and access to wp-admin in any way can update plugin settings including allowing HTML to be parsed. One can also change any notification messages to include JS which then can be used to obtain information by forgery.
Proof of Concept
Make POST request to /wp-admin with parameters sola_st_save_settings:1 sola_st_settings_allow_html:1 sola_st_settings_thank_you_text:<script>alert(1);</script>
Affects Plugins
References
Miscellaneous
Submitter
Justin Greer
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2016-01-28 (about 8 years ago)
Added
2016-02-14 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)