WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the "Advanced Blocking" tab > "Block HTTP Referer's" section > "Add Referer" field: "><img src=x onerror=alert(/XSS/)>

Affects Plugins

wp-security-pro
Fixed in version 4.2.1

References

CVE
CVE-2022-1028

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Niraj Mahajan

Submitter

Niraj Mahajan

Submitter website
https://www.linkedin.com/in/niraj1mahajan/
Submitter twitter
niraj1mahajan
Verified

Yes

WPVDB ID
16fc08ec-8476-4f3c-93ea-6a51ed880dd5

Timeline

Publicly Published

2022-06-06 (about 3 months ago)

Added

2022-06-06 (about 3 months ago)

Last Updated

2022-06-10 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin