Access Control: WordPress Woody Code Snippets \<2.4.6 - Cross-Site Scripting¶

Identifier: wp_insert_php_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

WordPress Woody Code Snippets plugin before 2.4.6 contains a cross-site scripting vulnerability. It does not escape generated URLs before outputting them back in an attribute.

Reference:

https://wpscan.com/vulnerability/6d6761b7-0c17-4428-8748-2179732030a3

Configuration¶

Example¶

Example configuration:

---
security_tests:
  wp_insert_php_xss:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.