Ad Inserter < 2.7.12 – Reflected Cross-Site Scripting | CVE 2022-0901 | Plugin Vulnerabilities

Description

The plugins do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters

Proof of Concept

In a browser which does not encode characters: https://example.com/wp-admin/options-general.php?page=ad-inserter.php&start=2&tab=\"><iframe/onload=alert(1)></iframe>

Affects Plugins

Fixed in 2.7.12

ad-inserter-pro

Fixed in 2.7.12

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Taurus Omar

Submitter

Taurus Omar

Submitter website

https://taurusomar.com

Submitter twitter

Verified

Yes

WPVDB ID

85582b4f-a40a-4394-9834-0c88c5dc57ba

Timeline

Publicly Published

2022-03-14 (about 2 years ago)

Added

2022-03-14 (about 2 years ago)

Last Updated

2022-04-11 (about 2 years ago)

Other

Published

Title

Published

2023-11-21

Title

Maspik – Spam blacklist < 0.9.3 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log

Published

2016-08-05

Title

Store Locator Plus for WordPress <= 4.5.10 - Authenticated Cross-Site Scripting (XSS)

Published

2016-05-06

Title

WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)

Published

2024-04-16

Title

Attesa Extra < 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2014-08-01

Title

WordPress 'year' Cross-Site Scripting (XSS)