During security research I found an authenticated stored XSS vulnerability. Plugin name: WordPress WP Subscribe plugin. Affected version: < 1.2.12


Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas (Patchstack Alliance) in WordPress WP Subscribe plugin (versions <= 1.2.12).


In the left column, I went to Appearance > Widgets.

Here I clicked on the plus button and added the WP Subscribe Widget.
Now go to the widget settings of the WP Subscribe Widget and click on Labels.
Now scroll down to Consent Label.
Add the following payload there:

<img src onerror=alert(/XSS/)>

Now click the blue Update button on the far right.
Now log out of WordPress and visit the homepage or any page of your website.
You will see the stored XSS popping up on every page of your site that you visit.
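
For auditing a site against the behaviour described above, this added example (not code from the plugin or from the original report) parses widget label values and flags markup that would run script if the value is echoed unescaped. The field names and sample values are constructed assumptions, and the tag allowlist is one possible policy.

```python
from html.parser import HTMLParser

# Assumption: labels need only light inline formatting; other tags are flagged.
ALLOWED_TAGS = {"a", "b", "strong", "em", "i", "br", "span"}
URL_ATTRS = {"href", "src", "action", "formaction"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")


class LabelAuditor(HTMLParser):
    """Records why a label value could run script if echoed unescaped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag <{tag}> not in allowlist")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler attribute {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # Browsers drop tabs/newlines inside URLs, so compare without whitespace.
                compact = "".join(value.split()).lower()
                if compact.startswith(SCRIPT_SCHEMES):
                    self.findings.append(f"script-capable URL in {name} on <{tag}>")


def audit_labels(labels):
    """Return {field: [findings]} for each label containing risky markup."""
    report = {}
    for field, value in labels.items():
        auditor = LabelAuditor()
        auditor.feed(value)
        auditor.close()
        if auditor.findings:
            report[field] = auditor.findings
    return report


# Constructed sample; the field names are hypothetical, not the plugin's own keys.
SAMPLE_LABELS = {
    "title": "Get <strong>weekly</strong> updates",
    "consent_label": "<img src onerror=alert(/XSS/)>",
    "footer_text": 'Read our <a href="/privacy">privacy policy</a>',
}

if __name__ == "__main__":
    for field, findings in audit_labels(SAMPLE_LABELS).items():
        print(field, "->", "; ".join(findings))
```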

Additional information

Patchstack link: https://patchstack.com/database/vulnerability/wp-subscribe/wordpress-wp-subscribe-plugin-1-2-12-authenticated-stored-cross-site-scripting-xss-vulnerability


NIST link: https://nvd.nist.gov/vuln/detail/CVE-2021-36844

The plugin has 20,000+ active installations.