PrePost SEO <= 3.0 – Admin+ Stored Cross-Site Scripting | CVE 2023-2029

Description

The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Add XSS payload to plugin's "Account API key" setting: "><iframe src="<svg onload=alert(4);>">

2. Save and see XSS exploit.

Affects Plugins

prepost-seo

No known fix

References

CVE

CVE-2023-2029

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Taurus Omar

Submitter

Taurus Omar

Submitter website

https://taurusomar.com

Submitter twitter

@TaurusOmar_

Verified

Yes

WPVDB ID

4889ad5a-c8c4-4958-b176-64560490497b

Timeline

Publicly Published

2023-06-19 (about 10 months ago)

Added

2023-06-19 (about 10 months ago)

Last Updated

2023-06-19 (about 10 months ago)

Other

Published

Title

Published

2021-01-15

Title

Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2015-08-26

Title

Smart Slider 2 <= 2.3.11 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2023-01-13

Title

WP Better Emails <= 0.4 - Admin+ Stored XSS

Published

2015-06-16

Title

Salient Theme < 5.5.53 - DOM Cross-Site Scripting (XSS)

Published

2023-02-23

Title

CM Answers < 3.2.0 - Admin+ Stored XSS