Access Control: WordPress Woody Code Snippets \<2.4.6 - Cross-Site Scripting¶

Identifier: wp_insert_php_xss

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

WordPress Woody Code Snippets plugin before 2.4.6 contains a cross-site scripting vulnerability due to unescaped URLs being output in attributes.

How we test: We test for XSS vulnerabilities in the WordPress Woody Code Snippets plugin by injecting malicious payloads and analyzing responses to detect if unescaped URLs allow script execution in the browser.

Reference:

https://wpscan.com/vulnerability/6d6761b7-0c17-4428-8748-2179732030a3

Configuration¶

Example¶

Example configuration:

---
security_tests:
  wp_insert_php_xss:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.