Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Question

Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

Opened this issue 6 months ago · 0 comments

Security Venerability

Available on: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/sparkpost/sparkpost-325-authenticated-administrator-stored-cross-site-scripting-via-plugin-settings

The SparkPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.