Advance WP Query Search Filter WordPress Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Advance WP Query Search Filter WordPress plugin, versions through 1.0.10. The issue arises because the plugin fails to properly sanitize and escape a parameter before displaying it on the page. This vulnerability could be exploited against high-privilege users, such as administrators.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, install the Advance WP Query Search Filter WordPress plugin, version 1.0.10 or earlier. Then, send a POST request to 'wp-admin/admin-ajax.php' with the 'action' parameter set to 'taxo_ajax'. Include a 'excl' parameter with a value that contains unescaped HTML, such as a script tag. Once the request is submitted, the injected script will execute, demonstrating the cross-site scripting vulnerability.