5 Jun 2024

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in GreenShift

The changelog for the latest version of the WordPress plugin GreenShift reads “Added: Lighbox improvements and security improvements for social share block, typography options.” The security improvement mentioned there appears to refer to adding escaping when outputting user input from a block. Even in the code being modified, the escaping is incomplete, which is confirmed with the proof of concept below. That means there is currently an authenticated persistent cross-site scripting (XSS) vulnerability in the plugin. Other similar code also lacks needed escaping. We have notified the developer of that and offered to help them address it.


30 Jan 2023

Authenticated Persistent Cross-Site Scripting (XSS) Vulnerability in Greenshift

Recently Automattic’s WPScan claimed that an authenticated persistent cross-site scripting (XSS) vulnerability had been fixed in the plugin Greenshift. As is often the case, their information is incorrect. While there is a vulnerability, in reviewing the changes that were supposed to address this, we found the fix was incomplete.
