The WP Games Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [game] shortcode in all versions up to and including 0.1beta. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'width', 'height', 'src', 'title', 'description', 'game_url', 'main', and 'thumb', which are all directly concatenated into HTML output without any escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The WP Games Embed plugin for WordPress contains a Stored XSS vulnerability in the [game] shortcode due to insufficient input sanitization on multiple attributes. Authenticated attackers with Contributor access can inject malicious scripts that execute when users view affected pages.
The WP Games Embed plugin contains a Stored XSS vulnerability in the [game] shortcode, where user input is not sufficiently sanitized. Authenticated attackers with Contributor-level access or above can inject malicious scripts into pages. The injected scripts execute when users visit the affected pages.
Update the WP Games Embed plugin to a patched version immediately. Implement strict input validation and output escaping for all shortcode attributes. Restrict Contributor-level permissions to trusted users only. Consider using WordPress security plugins to detect and prevent XSS attacks. Review user roles and capabilities regularly.
Update the WP Games Embed plugin to a patched version immediately. Apply strict input validation and output escaping to all shortcode attributes. Restrict Contributor-level permissions to trusted users only. Consider using WordPress security plugins to detect and prevent XSS attacks. Review user roles and capabilities regularly.
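To make the description and the "validate and escape" mitigation concrete, here is an added example (not the plugin's own source) of a [game] shortcode handler in the vulnerable shape described above, beside a hardened version that validates each attribute by type and escapes it for the exact HTML context it lands in. The attribute names come from the advisory; the markup, the defaults and the function names are assumptions.

```php
<?php
// Added illustrative example; the HTML structure below is assumed, not the plugin's.
// Attribute names match the advisory: width, height, src, title, description,
// game_url, main, thumb. 'main' is rendered as a data attribute here (assumption).
function game_shortcode_defaults() {
    return array(
        'width' => '640', 'height' => '480', 'src' => '', 'title' => '',
        'description' => '', 'game_url' => '', 'main' => '', 'thumb' => '',
    );
}

// BEFORE: the pattern the advisory describes. Every attribute is concatenated raw,
// so a Contributor can close a quote or an element and inject markup or script
// that runs for every visitor of the page.
function game_shortcode_vulnerable( $atts ) {
    $a = shortcode_atts( game_shortcode_defaults(), $atts, 'game' );
    return '<div class="game" title="' . $a['title'] . '" data-main="' . $a['main'] . '">'
         . '<iframe src="' . $a['src'] . '" width="' . $a['width'] . '" height="' . $a['height'] . '"></iframe>'
         . '<p>' . $a['description'] . '</p>'
         . '<a href="' . $a['game_url'] . '"><img src="' . $a['thumb'] . '" alt=""></a>'
         . '</div>';
}

// AFTER: validate by type, then escape per context on output.
//   - numeric attributes: absint() keeps only a non-negative integer
//   - URL attributes: esc_url() drops non-allowlisted schemes (e.g. javascript:), returning ''
//   - attribute values: esc_attr(); element text: esc_html()
function game_shortcode_hardened( $atts ) {
    $a = shortcode_atts( game_shortcode_defaults(), $atts, 'game' );
    $width  = absint( $a['width'] )  ? absint( $a['width'] )  : 640;
    $height = absint( $a['height'] ) ? absint( $a['height'] ) : 480;
    $src    = esc_url( $a['src'] );
    $link   = esc_url( $a['game_url'] );
    $thumb  = esc_url( $a['thumb'] );

    // An attribute that failed URL validation is omitted rather than emitted empty.
    $frame  = $src   ? sprintf( '<iframe src="%s" width="%d" height="%d"></iframe>', $src, $width, $height ) : '';
    $image  = $thumb ? sprintf( '<img src="%s" alt="">', $thumb ) : '';
    $anchor = $link  ? sprintf( '<a href="%s">%s</a>', $link, $image ) : $image;

    return sprintf(
        '<div class="game" title="%s" data-main="%s">%s<p>%s</p>%s</div>',
        esc_attr( $a['title'] ), esc_attr( $a['main'] ), $frame,
        esc_html( $a['description'] ), $anchor
    );
}

add_shortcode( 'game', 'game_shortcode_hardened' );
```

The hardened handler escapes at output time rather than trying to strip input on save, so the same stored attribute value is safe in every context the template places it.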