WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be executed on a victim's browser. Due to v1.9.26 adding a CSRF check, the XSS is only exploitable against unauthenticated users (as they all share the same nonce)

N/A

N/A

WordPress plugin 跨站脚本漏洞

WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin GDPR 插件存在跨站脚本漏洞，该漏洞源于1.9.27之前的WordPress GDPR WordPress插件的检查隐私设置AJAX动作，对未经认证和已认证的用户都可用，响应JSON数据，而不是应用JSON内容类型。由于HTML有效载荷没有被正确转义，它可能被web浏览器解释到这个端点。Javascript代码可能会在受害者的浏览器上执行。

N/A

N/A