WordPress Plugin Vulnerabilities

ImageLinks Interactive Image Builder for WordPress < 1.5.4 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

1. Create a new vision item (with whatever role, even if it's an Administrator).

2. Connect to a user with a role as low as Contributor+ and create a new post.

3. Insert the following shortcode in a post: [imagelinks id='1' class='XSS" onmouseover="alert(1)']

4. Hover over the image inserted by going to the post, the alert triggers successfully.

Affects Plugins

Plugin icon
imagelinks-interactive-image-builder-lite
Fixed in 1.5.4

References

CVE
CVE-2022-4393

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
0bd4f370-f9f8-43ee-8f20-96e899a1efb5

Timeline

Publicly Published
2022-12-16 (about 1 years ago)
Added
2022-12-16 (about 1 years ago)
Last Updated
2022-12-21 (about 1 years ago)

Other

Published
Title
Published
2024-03-28
Title
Otter Blocks < 2.6.6 - Contributor+ Stored XSS
Published
2023-02-21
Title
wp2syslog <= 1.0.5 - Admin+ Stored XSS
Published
2023-11-20
Title
Drop Shadow Boxes < 1.7.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2023-10-03
Title
Instagram for WordPress <= 2.1.6 - Contributor+ Stored XSS
Published
2024-04-09
Title
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via "Price List" Element