WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Curtain <= 1.0.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the Heading and Allowed IPs settings of the plugin: "><svg/onload=alert(/XSS/)>, then </textarea><svg/onload=alert(/XSS/)> in the Managers settings

Affects Plugins

curtain
No known fix - plugin closed

References

CVE
CVE-2022-1558
URL
https://packetstormsecurity.com/files/166839/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Hassan Khan Yusufzai

Verified

Yes

WPVDB ID
0414dad4-e90b-4122-8b77-a8a958ab824d

Timeline

Publicly Published

2022-04-27 (about 1 years ago)

Added

2022-04-27 (about 1 years ago)

Last Updated

2022-05-04 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin