WordPress Plugin Vulnerabilities

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the API Key settings of the plugin: '></script><script>alert(/XSS/)</script>

The XSS will be triggered when viewing the settings again, as well as all frontend pages

Affects Plugins

Plugin icon
clipr
No known fix

References

CVE
CVE-2022-1559
URL
https://packetstormsecurity.com/files/#166530/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Hassan Khan Yusufzai - Splint3r7
Verified
Yes
WPVDB ID
99059337-c3cd-4e91-9a03-df32a05b719c

Timeline

Publicly Published
2022-03-30 (about 2 years ago)
Added
2022-03-30 (about 2 years ago)
Last Updated
2022-05-04 (about 2 years ago)

Other

Published
Title
Published
2023-11-17
Title
LearnPress < 4.2.5.5 - Reflected Cross-Site Scripting
Published
2021-07-30
Title
Custom Dashboard & Login Page - AGCA < 6.9.2 - Admin+ Stored Cross-Site Scripting
Published
2024-05-02
Title
Simple Image Popup <= 2.4.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-01-03
Title
Keap Official Opt-in Forms <= 1.0.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-20
Title
Add Custom Body Class <= 1.4.1 - Contributor+ Stored Cross-Site Scripting