WordPress Plugin Vulnerabilities

Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Proof of Concept

Put the following payload in the Account Name settings and click on the 'Change App name' button: " autofocus onfocus=alert(/XSS/)//

Affects Plugins

Plugin icon
miniorange-google-authenticator
Fixed in 1.0.8

References

CVE
CVE-2022-1994

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Niraj Mahajan
Submitter
Niraj Mahajan
Submitter website
https://www.linkedin.com/in/niraj1mahajan/
Submitter twitter
niraj1mahajan
Verified
Yes
WPVDB ID
114d94be-b567-4b4b-9a44-f2c05cdbe18e

Timeline

Publicly Published
2022-06-06 (about 1 years ago)
Added
2022-06-06 (about 1 years ago)
Last Updated
2023-03-07 (about 1 years ago)

Other

Published
Title
Published
2023-07-10
Title
Twittee Text Tweet <= 1.0.8 - Reflected XSS
Published
2015-04-21
Title
WP SpreadPlugin < 3.8.6.2 - XSS
Published
2015-04-20
Title
Jetpack 3.0-3.4.2 - Cross-Site Scripting (XSS)
Published
2024-04-22
Title
Coupon & Discount Code Reveal Button < 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2022-01-18
Title
ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting