Frontend Checklist <= 2.3.2 – Admin+ Stored XSS | CVE 2024-4957 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to frontend-checklist admin settings to create a new checklist (options-general.php?page=frontend-checklist&action=new)
2. In the creation page, set the name field to `<script>alert(1)</script>`
3. Save the changes and go to listing page to see the XSS (options-general.php?page=frontend-checklist)

Affects Plugins

frontend-checklist

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Felipe Caon

Submitter

caon

Submitter website

https://caon.io

Verified

Yes

WPVDB ID

0a560ed4-7dec-4274-b4a4-39dea0c0d67e

Timeline

Publicly Published

2024-06-05 (about 25 days ago)

Added

2024-06-05 (about 24 days ago)

Last Updated

2024-06-05 (about 24 days ago)

Other

Published

Title

Published

2023-04-14

Title

Paytm Payment Donation < 2.2.1 - Reflected XSS

Published

2023-01-25

Title

Auto Hide Admin Bar < 1.6.2 - Admin+ Stored XSS

Published

2024-05-31

Title

WordPress Infinite Scroll – Ajax Load More < 7.1.2 - Authenticated (Contributor+) Cross-Site Scripting

Published

2023-07-18

Title

Easy Captcha <= 1.0 - Reflected Cross-Site Scripting

Published

2024-05-06

Title

TT Custom Post Type Creator <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting