WordPress Plugin Vulnerabilities
Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message
Proof of Concept
Setup: - In the General Settings of the plugin, check the "Show Chat Bubble at website" checkbox and save. - In the "Bubble Items" enable the "Simple CallBack" and save. Attacker (unauthenticated): - Access the blog and click on the contact bubble. - In any of the offered fields (fname or fphone), enter the following payload and click "Submit": <script>alert(/XSS/)</script> The XSS will be triggered when an admin will view the related Callback Message via the Callback dashboard (/wp-admin/edit.php?post_type=cbb_callback => /wp-admin/post.php?post=21&action=edit)
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Juampa Rodríguez
Submitter
Juampa Rodríguez
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-10-18 (about 1 years ago)
Added
2022-10-18 (about 1 years ago)
Last Updated
2022-10-19 (about 1 years ago)