WordPress Plugin Vulnerabilities

Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Proof of Concept

1. Insert the following shortcode in a post/page: [zoom_list_meetings author='" onmouseover="alert(1)"']

2. Hover over the list or the "No Meetings Found" message if there are no elements to show, the alert will trigger successfully.

Affects Plugins

Plugin icon
video-conferencing-with-zoom-api
Fixed in 4.0.10

References

CVE
CVE-2022-4578

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
fad16c68-9f14-4866-b241-40468fb71494

Timeline

Publicly Published
2022-12-29 (about 1 years ago)
Added
2022-12-22 (about 1 years ago)
Last Updated
2022-12-22 (about 1 years ago)

Other

Published
Title
Published
2024-04-18
Title
LearnPress – WordPress LMS Plugin < 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-11-11
Title
Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting
Published
2022-12-01
Title
Afterpay Gateway for WooCommerce < 3.5.1 - Reflected Cross-Site Scripting
Published
2023-02-08
Title
Weixin Robot Advanced <= 6.2.2.1 - Reflected XSS
Published
2023-05-25
Title
Video Contest WordPress <= 3.2 - Admin+ Stored XSS