WordPress Plugin Vulnerabilities

WP EasyPay < 4.1 - Reflected Cross-Site Scripting

Description

The plugin does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin

Proof of Concept

When there is no account connected, make a logged in admin open

https://example.com/wp-admin/edit.php?post_type=wp_easy_pay&page=wpep-settings&a"><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
wp-easy-pay
Fixed in 4.1

References

CVE
CVE-2023-1465

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.8 (medium)

Miscellaneous

Original Researcher
Pablo Sanchez
Submitter
Pablo Sanchez
Verified
Yes
WPVDB ID
13f59eb4-0744-4fdb-94b5-886ee6bdd867

Timeline

Publicly Published
2023-05-01 (about 7 months ago)
Added
2023-04-28 (about 7 months ago)
Last Updated
2023-04-28 (about 7 months ago)

Other

Published
Title
Published
2022-05-26
Title
Image Slider by NextCode <= 1.1.2 - Author+ Stored Cross-Site Scripting
Published
2019-07-03
Title
WP Statistics <= 12.6.6.1 - Unauthenticated Stored XSS Under Certain Configurations
Published
2015-03-06
Title
Google Analytics by Yoast <= 5.3.2 - Cross-Site Scripting (XSS)
Published
2023-10-18
Title
Gumroad <= 3.1.0 - Contributor+ Stored XSS
Published
2023-01-20
Title
User Registration < 2.3.1 - Admin+ Stored XSS