How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the "Custom Patreon Page name" setting of the plugin and save them:

v < 1.8.0: "><script>alert(/XSS/)</script>
v < 1.8.2: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

patreon-connect

Fixed in version 1.8.2

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2682069

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

José Aguilera

Submitter

José Aguilera

Submitter website

https://jsgm.dev

Verified

Yes

WPVDB ID

02756dd3-832a-4846-b9e1-a34f148b5cfe

Timeline

Publicly Published

2022-02-21 (about 1 years ago)

Added

2022-02-21 (about 1 years ago)

Last Updated

2022-04-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin