WP Comments Fields < 4.1 – Admin+ Stored Cross-Site Scripting | CVE 2022-2398 | Plugin Vulnerabilities

Description

The plugin does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

Create/edit a Comment Fields (Comments > Comment Fields) and put the following payload in the Error Message setting: "autofocus onfocus=alert(/XSS/)//

The XSS will be triggered in any post

Affects Plugins

wp-comment-fields

Fixed in 4.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Rafshanzani Suhada

Submitter

Rafshanzani Suhada

Verified

Yes

WPVDB ID

0a218789-9a78-49ca-b919-fa61d33d5672

Timeline

Publicly Published

2022-07-14 (about 3 years ago)

Added

2022-07-14 (about 3 years ago)

Last Updated

2023-04-15 (about 2 years ago)

Other

Published

Title

Published

2023-07-17

Title

Multiple DeoThemes Themes - Reflected Cross-Site Scripting

Published

2024-02-12

Title

Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.9 - Contributor+ Stored Cross-Site Scripting via Accordion

Published

2024-05-21

Title

WPB Elementor Addons < 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter

Published

2023-04-13

Title

FooGallery < 2.2.41 - Reflected XSS

Published

2024-01-16

Title

WOLF < 1.0.8.1 - Unauthenticated Stored Cross-Site Scripting via profile_title