CVE-2022-36383 Stored XSS vulnerabilities in the WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress.

The first two were found by the security researcher Mihai Budiu. In the first one, a user can be convinced to visit a malicious website by entering a URL. The second issue is that the game plugin does not validate user-supplied input before using it to generate a game board, which can lead to XSS attacks in which a remote attacker injects arbitrary HTML and script code into the game. Both issues can be fixed by upgrading to the latest version of the plugin. As for the third issue, it is important to note that it is also a cross-site scripting vulnerability: an attacker can craft a malicious request, after which the plugin's user is redirected to a different website and script code can be injected into that website. You can read more details about these issues on the WordPress security team blog.
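The second issue above is the classic stored-XSS pattern: a value a user submitted is stored and later written into the page as-is. The following PHP snippet is an added example written for this page, not code from the WHA Word Search Puzzles plugin; the function names, the word policy and the sample input are constructed. It puts the unsafe rendering path beside a hardened one that validates on input and escapes on output.

```php
<?php
// Added example (not the plugin's own code). Names are hypothetical.

// Vulnerable: the submitted word is concatenated straight into the board
// markup, so stored HTML or script in $word is interpreted by every
// visitor's browser when the board is rendered.
function render_cell_unsafe(string $word): string {
    return '<td class="cell">' . $word . '</td>';
}

// Hardened, step 1: validate on input. A word-search word has a narrow
// shape, so an allow-list is practical. Constructed policy: 1-20 letters.
// Anything else is rejected before it is ever stored.
function validate_word(string $word): ?string {
    $word = trim($word);
    return preg_match('/^\p{L}{1,20}$/u', $word) === 1 ? $word : null;
}

// Hardened, step 2: escape on output regardless of what was stored, so the
// browser treats the value as text, never as markup. ENT_QUOTES covers both
// quote styles in case the value is ever placed inside an attribute.
function render_cell_safe(string $word): string {
    $escaped = htmlspecialchars($word, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<td class="cell">' . $escaped . '</td>';
}

// Constructed sample input in the shape a stored-XSS payload would take
// when it arrives from a puzzle-creation form.
$stored = '<script>alert(1)</script>';

echo render_cell_unsafe($stored), PHP_EOL; // markup reaches the page intact
echo render_cell_safe($stored), PHP_EOL;   // angle brackets become entities
var_dump(validate_word($stored));          // rejected: not a plain word
var_dump(validate_word('PUZZLE'));         // accepted
```

Inside a real WordPress plugin the same two steps are normally done with the core helpers `sanitize_text_field()` on the way in and `esc_html()` / `esc_attr()` on the way out; plain `htmlspecialchars()` is used here only so the snippet runs outside WordPress.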

WordPress Plugin - Extremely Violent People

A new WordPress plugin is being promoted as a way of combating the growing problem of violent extremism. The plugin, Extremely Violent People, was created by Mihai Budiu and has been endorsed by the American Muslim Peace Network. It comes with features that allow users to create profiles for people who are participating in violence or terrorism.
The plugin also allows users to track their family members who may be involved in violence or terror, as well as share this information with law enforcement agencies.
However, it bears mentioning that there are some flaws in how the plugin is designed. Among them, the website does not validate user-supplied input before using it to generate a game board, and it contains cross-site scripting vulnerabilities.

Conclusion

Be careful when choosing plugins for your website.
Be sure to use plugins that have been verified by the WordPress.org community.

Timeline

Published on: 09/21/2022 20:15:00 UTC
Last modified on: 09/23/2022 17:02:00 UTC