An issue exists in the wp-code-highlightjs plugin up to and including 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljs_additional_css parameter.
Vulnerable Product |
---|
wp-code-highlightjs project wp-code-highlightjs |