If you use the unfiltered_html setting and are logged in as a user with high privileges, an attacker could inject malicious code into comments or posts via the plugin’s settings page.
Version 1.1.2 and later of the Goolytics WordPress plugin fixed this issue by escaping unfiltered_html settings so that they are no longer accessible via XSS.
Goolytics before 1.1.2 does not escape all of its custom fields and comment settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
If you use the unfiltered_html setting and are logged in as a user with high privileges, an attacker could inject malicious code into comments or posts via the plugin’s settings page.
Goolytics before 1.1.2 does not escape all of its custom fields and comment settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
These issues have been fixed in version 1.1.3 and later.
How do I know if my site is vulnerable?
To determine if your site is vulnerable, follow these simple steps:
1. Log into your site as a user with high privileges.
2. Go to the Settings > Unfiltered_html setting and set it to yes.
3. Visit http://example.com/wordpress/wp-plugins/?p=goolo in your browser's address bar and view the source code for the plugin’s homepage to see if any XSS vulnerabilities exist. If an XSS vulnerability exists, you should take immediate action to prevent further attacks.
Timeline
Published on: 10/03/2022 14:15:00 UTC
Last modified on: 10/05/2022 13:12:00 UTC