Stored XSS Vulnerability in WordPress Plugin Markdown on Save Improved Version 2.5

There is a stored XSS vulnerability in the WordPress plugin Markdown on Save Improved, version 2.5.

In the post content input, enter the XSS payload <img src=x onerror=alert(0)>

and click the Toggle preview button.

Then visit the post, where the XSS can also be found.

Discoverer: Funny.Wei & Lncken

CVE ID: CVE-2017-9337

3 Comments.

  1. alice /

    Hmm, so I gather this is a plugin with a really bad impact.

  2. alice /

    Oh, it's in some plugin.
