WordPress Plugin Vulnerabilities
Frontend Checklist <= 2.3.2 - Admin+ Stored XSS
Description
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Proof of Concept
1. Go to frontend-checklist admin settings to create a new checklist (options-general.php?page=frontend-checklist&action=new) 2. In the creation page, set the name field to `<script>alert(1)</script>` 3. Save the changes and go to listing page to see the XSS (options-general.php?page=frontend-checklist)
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Felipe Caon
Submitter
caon
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-06-05 (about 25 days ago)
Added
2024-06-05 (about 24 days ago)
Last Updated
2024-06-05 (about 24 days ago)