Astra Bulk Edit
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the Brainstorm Force Astra Bulk Edit WordPress plugin through version 1.2.10, allowing authenticated attackers to inject malicious scripts that execute in the context of other users' browsers. An attacker with low-privilege account access (e.g., contributor or editor role) can craft malicious input that, when processed by the bulk edit functionality, results in arbitrary JavaScript execution affecting site administrators and other users. The vulnerability requires user interaction (UI:R) but can affect multiple users across the site due to its stored/DOM-based nature, making it a persistent attack vector for privilege escalation or data exfiltration.
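As an added illustration that is not the plugin's code (the page does not show the actual sink in Astra Bulk Edit), the JavaScript below contrasts the rendering pattern that produces this class of DOM-based XSS with its fixed form, and adds a small review check. A bulk-edit screen typically builds table rows from post data that a Contributor controls (titles, slugs, excerpts), so those values must be treated as untrusted text. The `post` shape, the function names, the `data-id` attribute and the sample title are assumptions made for the example.

```javascript
// Added example, not the plugin's code: the post shape, the helper names
// and the sample input below are assumptions.

// Minimal HTML entity escaping, valid for text placed inside an element
// body or inside a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the post title is interpolated straight into markup
// that is later assigned to element.innerHTML. Any markup in the title
// becomes live DOM in the browser of whoever opens the bulk-edit screen,
// so a Contributor's input runs in an Administrator's session.
function renderRowUnsafe(post) {
  return `<tr data-id="${post.id}"><td>${post.title}</td></tr>`;
}

// Fixed pattern: every untrusted value is escaped before it joins the
// string, so the browser shows the title literally. In real DOM code the
// equivalent is to create the cell with document.createElement and set
// element.textContent instead of using innerHTML at all.
function renderRowSafe(post) {
  return `<tr data-id="${escapeHtml(post.id)}"><td>${escapeHtml(post.title)}</td></tr>`;
}

// Reviewer's check for a test suite: after removing the row/cell tags the
// helper itself emits, does the output still contain a tag or an inline
// event-handler attribute? Escaped output must not.
function containsLiveMarkup(html) {
  const body = html.replace(/<\/?(tr|td)\b[^>]*>/g, "");
  return /<[a-z!\/]/i.test(body) || /\son[a-z]+\s*=/i.test(body);
}

// Constructed sample: a post whose title carries markup.
const samplePost = { id: 42, title: '<script>alert(1)</script> Sale ends "today"' };

// Renders the sample both ways and reports whether each result is safe.
function demo(post = samplePost) {
  const unsafe = renderRowUnsafe(post);
  const safe = renderRowSafe(post);
  return {
    unsafe,
    unsafeHasLiveMarkup: containsLiveMarkup(unsafe), // true
    safe,
    safeHasLiveMarkup: containsLiveMarkup(safe),     // false
  };
}

console.log(demo());
```

The escaping shown is only correct for element-body and double-quoted-attribute contexts; values placed into URLs, inline event handlers or script blocks need context-specific encoding, and the simplest defence is not to build HTML from strings at all. A Content-Security-Policy that disallows inline script is a useful second layer on the admin screens, but it does not replace output encoding.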