ImageLinks Interactive Image Builder for WordPress < 1.5.4 – Contributor+ Stored XSS | CVE 2022-4393 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

1. Create a new vision item (with whatever role, even if it's an Administrator).

2. Connect to a user with a role as low as Contributor+ and create a new post.

3. Insert the following shortcode in a post: [imagelinks id='1' class='XSS" onmouseover="alert(1)']

4. Hover over the image inserted by going to the post, the alert triggers successfully.

Affects Plugins

imagelinks-interactive-image-builder-lite

Fixed in 1.5.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

0bd4f370-f9f8-43ee-8f20-96e899a1efb5

Timeline

Publicly Published

2022-12-16 (about 3 years ago)

Added

2022-12-16 (about 3 years ago)

Last Updated

2022-12-21 (about 3 years ago)

Other

Published

Title

Published

2024-10-23

Title

EventPrime – Modern Events Calendar, Bookings and Tickets < 4.0.4.8 - Unauthenticated Stored Cross-Site Scripting via Transaction Log

Published

2024-10-14

Title

Arkhe Blocks < 2.27.0 - Contributor+ Stored XSS

Published

2021-02-23

Title

Photo Gallery by 10web < 1.5.69 - Reflected Cross-Site Scripting (XSS)

Published

2023-01-30

Title

Real Media Library < 4.18.29 - Author+ Stored XSS

Published

2023-06-13

Title

Login Configurator <= 2.1 - Admin+ Stored Cross-Site Scripting