WP Site Protect 1.0 - Cross-Site Scripting (XSS)
The wp-site-protect allows to protect the access to a wordpress website with a global password. Passwords can be randomly generated or manually set, the "password" field is not properly sanitized, allowing some XSS in different views of the plugins in the administration section. It seems that the author has not yet updated the plugin version on the WordPress plugins' website.
|OWASP Top 10||A3: Cross-Site Scripting (XSS)|
|Submitter||Julien Egloff (Synacktiv)|
|Publicly Published||2017-12-19 (over 1 year ago)|
|Added||2018-03-19 (over 1 year ago)|
|Last Updated||2018-03-21 (over 1 year ago)|