Digital Publications by Supsystic < 1.7.4 – Admin+ Stored Cross-Site Scripting | CVE 2022-2384 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

1. Create new publication, name it whatever
2. Click the "Custom Page" tab to add a new page:
  - name it with the desired payload as the title: `aaa" onclick='alert(123);' ">`
  - select the publication you just created by checking the box next to it.
  - click publish
3. Go back to the list of publications, open the one you created and go to the "All Pages" tab:
  - click on the title of the page created in 2, and the payload triggers

Affects Plugins

digital-publications-by-supsystic

Fixed in 1.7.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

iohex

Submitter

iohex

Submitter twitter

Verified

Yes

WPVDB ID

0917b964-f347-487e-b8d7-c4f09c290fe5

Timeline

Publicly Published

2022-07-21 (about 1 years ago)

Added

2022-07-21 (about 1 years ago)

Last Updated

2023-04-20 (about 1 years ago)

Other

Published

Title

Published

2021-09-20

Title

GamePress <= 1.1.0 - Reflected Cross-Site Scripting

Published

2023-07-17

Title

YARPP < 5.30.4 - Contributor+ Stored Cross-Site Scripting

Published

2024-03-16

Title

Link Library < 7.6.1 - Reflected Cross-Site Scripting

Published

2023-07-10

Title

WooCommerce Ship to Multiple Addresses < 3.8.6 - Reflected Cross-Site Scripting

Published

2015-02-11

Title

Mobile Domain <= 1.5.2 - CSRF/XSS