25 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in User Role by BestWebSoft

We recently discovered the User Role by BestWebSoft plugin had a reflected cross-site scripting (XSS) vulnerability. In version 1.5.1, and some prior versions, the file /user-role.php was echoing a GET or POST variable without escaping it. That occurred on line 233:

<input type="hidden" name="srrl_blog_id" value="<?php echo $_REQUEST['srrl_blog_id']; ?>"/>

Proof Of Concept

The following proof of concept URL will [Read more]
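
The unescaped echo on line 233, shown next to a hardened form, as an added example that is not the plugin's own code or its actual fix. It uses plain PHP so it runs without WordPress (inside the plugin, absint() and esc_attr() are the usual equivalents); the function names and sample inputs are constructed, and treating srrl_blog_id as a numeric blog ID is an assumption.

```php
<?php
// Added example, not the plugin's code. The field name srrl_blog_id comes from
// the advisory; the function names and sample inputs are constructed.

// "Before": same behaviour as the quoted line 233, request value echoed raw.
function render_blog_id_unescaped(array $request): string
{
    $value = $request['srrl_blog_id'] ?? '';
    return '<input type="hidden" name="srrl_blog_id" value="' . $value . '"/>';
}

// "After": treat the value as a non-negative integer (assumption: it is a
// numeric blog ID), then escape it for an HTML attribute context anyway.
function render_blog_id_escaped(array $request): string
{
    $raw = $request['srrl_blog_id'] ?? '';
    // Non-integers, negatives and array input (srrl_blog_id[]=...) yield false.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        $id = 0; // fall back to a harmless default instead of reflecting input
    }
    $value = htmlspecialchars((string) $id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="srrl_blog_id" value="' . $value . '"/>';
}

// Constructed sample inputs: a normal ID, a value that closes the attribute,
// and an array-typed parameter.
$samples = [
    ['srrl_blog_id' => '3'],
    ['srrl_blog_id' => '3"><b>injected</b>'],
    ['srrl_blog_id' => ['3']],
];

foreach ($samples as $request) {
    if (is_string($request['srrl_blog_id'])) {
        echo 'before: ', render_blog_id_unescaped($request), PHP_EOL;
    }
    echo 'after:  ', render_blog_id_escaped($request), PHP_EOL;
}
```

With the second sample, the "before" output contains markup outside the value attribute, while the "after" output stays a single well-formed input element with value="0".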