WordPress Plugin Vulnerabilities

Admin Menu <= 1.1 - Authenticated Cross-Site Scripting (XSS)

Description

The Admin Menu WordPress plugin, versions 1.1 and below, were vulnerable to Authenticated Cross-Site Scripting (XSS) within the "role" GET parameter.

Proof of Concept

http://www.example.com/wp-admin/admin.php?page=admin-menu-pro&role=<script>alert(String.fromCharCode(88,83,83))</script>

Affects Plugins

Plugin icon
admin-menu
No known fix

References

URL
https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.6 (medium)

Miscellaneous

Original Researcher
zerodetail & ratherbland
Verified
No
WPVDB ID
6a698c0e-9baf-4847-95ff-181843f037e7

Timeline

Publicly Published
2020-08-10 (about 3 years ago)
Added
2020-08-26 (about 3 years ago)
Last Updated
2020-08-27 (about 3 years ago)

Other

Published
Title
Published
2016-10-10
Title
Photoxhibit <= 2.1.8 - Reflected XSS Issues
Published
2014-04-25
Title
Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2014-09-17
Title
Webcam 2Way Videochat < 4.41.2 - Cross-Site Scripting (XSS)
Published
2014-08-01
Title
wp-football 1.1 - Multiple Cross-Site Scripting (XSS)
Published
2015-03-09
Title
Pie Register <= 2.0.14 - Cross-Site Scripting (XSS)