WP DS Blog Map <= 3.1.3 – Admin+ Stored Cross-Site Scripting | CVE 2022-2425 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in any of the settings accepting a string (ie "This string in the page content will be replaced by the tag cloud", "Category prefix" etc): "><svg/onload=alert(/XSS/)>

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vinay Varma Mudunuri, Krishna Harsha Kondaveeti

Submitter

Vinay Varma Mudunuri

Verified

Yes

WPVDB ID

ca684a25-28ba-4337-a6d4-9477b1643c9d

Timeline

Publicly Published

2022-07-18 (about 1 years ago)

Added

2022-07-18 (about 1 years ago)

Last Updated

2023-04-17 (about 1 years ago)

Other

Published

Title

Published

2023-12-27

Title

Stock Ticker < 3.23.5 - Authenticated (Contributor+) Stored Cross-Site Scritping

Published

2015-02-26

Title

WP Media Cleaner <= 2.2.6 - Cross-Site Scripting (XSS)

Published

2023-01-10

Title

Page View Count < 2.6.1 - Contributor+ Stored XSS

Published

2024-04-03

Title

ElementsKit Elementor addons < 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget

Published

2024-02-06

Title

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) < 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting