WordPress Plugin Vulnerabilities
Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message
Proof of Concept
Setup: - In the General Settings of the plugin, check the "Show Chat Bubble at website" checkbox and save. - In the "Bubble Items" enable the "Simple CallBack" and save. Attacker (unauthenticated): - Access the blog and click on the contact bubble. - In any of the offered fields (fname or fphone), enter the following payload and click "Submit": <script>alert(/XSS/)</script> The XSS will be triggered when an admin will view the related Callback Message via the Callback dashboard (/wp-admin/edit.php?post_type=cbb_callback => /wp-admin/post.php?post=21&action=edit)
Affects Plugins
Fixed in version 2.3
References
Classification
Miscellaneous
Original Researcher
Juampa Rodríguez
Submitter
Juampa Rodríguez
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-10-18 (about 3 months ago)
Added
2022-10-18 (about 3 months ago)
Last Updated
2022-10-19 (about 3 months ago)