LifePress Plugin for WordPress Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the LifePress plugin for WordPress, affecting all versions through 2.2.2. The issue arises from the 'n' parameter in the 'lp_update_mds' AJAX action, which is registered without proper nonce verification or capability checks. This, combined with inadequate input sanitization and output escaping when the series name is displayed on the admin settings page, allows unauthenticated attackers to inject arbitrary scripts. These scripts are executed when a user accesses the compromised page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.

Reproduction

To reproduce this vulnerability, send a request to the 'lp_update_mds' AJAX action with an injected script in the 'n' parameter. The absence of nonce verification or capability checks will allow the injection to be processed and stored. Once injected, the script will execute when the injected series name is accessed on the admin settings page.