WordPress.org

Plugin Directory

random-image-selector

Opened 6 years ago

Last modified 5 years ago

#1488 new defect

XSS issue with plugin "Grou Random Image"

Reported by: prajal Owned by: kdmurray
Priority: high Severity: critical
Plugin: random-image-selector Keywords: XSS in plugin "Grou Random Image"
Cc:

Description

Hi team,

I have found an Cross site scripting issue in the wordpress plugin "Grou Random Image" wherein it enables attackers to inject client-side script into Web pages viewed by other users.The attack payload just requires inserting <script>alert('xss')</script> instead pf the image name, and the script gets executed on the behalf of the attacker.

I request you'll to fix the issue as soon as possible.

Prajal Kulkarni
prajal.trytohandleit@…

Change History (1)

comment:1 @adityabalapure5 years ago

Hello Prajal have you reported this to Bugtraq?

Note: See TracTickets for help on using tickets.