Computer Repair Shop is vulnerable to stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin’s options. Fixed in version 2.0.
Proof of concept
The proof of concept will be posted on January 21st, to give users time to update the plugin.
Plugin name: Computer Repair Shop
Plugin URL: https://wordpress.org/plugins/computer-repair-shop/
Plugin Author: WebfulCreations
- Friday 10th of January 2020: Vulnerability detected by Jeroen Mulder. Plugin’s author notified
- Saturday 11th of January 2020: Vulnerability fixed by the author in version 2.0
- Monday 13th of January 2020: Vulnerability made public on wpvulndb.com