Panda Pods Repeater Field < 1.5.4 – Reflected XSS | CVE 2022-4306 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.

Proof of Concept

1. Install Pods plugin (dependency) - https://wordpress.org/plugins/pods

2. Install the vulnerable plugin (panda-pods-repeater-field) - https://wordpress.org/plugins/panda-pods-repeater-field (v1.5.3)

3. As an authenticated user, visit the following URL to trigger an alert box:

http://example.com/wp-content/plugins/panda-pods-repeater-field/fields/pandarepeaterfield.php?itemid=1&podid=1);%20alert(/xss/);/*x&iframe_id=panda-repeater-add-new&success=1

Affects Plugins

panda-pods-repeater-field

Fixed in 1.5.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

18d7f9af-7267-4723-9d6f-05b895c94dbe

Timeline

Publicly Published

2022-12-07 (about 1 years ago)

Added

2023-01-03 (about 1 years ago)

Last Updated

2023-01-03 (about 1 years ago)

Other

Published

Title

Published

2015-11-22

Title

Add Link to Facebook <= 2.2.7 - Authenticated Cross-Site Scripting (XSS)

Published

2023-11-23

Title

Easy Social Icons < 3.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Published

2023-10-16

Title

Ninja Forms < 3.6.34 - Admin+ Stored XSS

Published

2021-11-17

Title

Backup Migration < 1.1.6 - Admin+ Stored Cross-Site Scripting

Published

2023-10-02

Title

Notice Bar < 3.1.1 - Contributor+ Stored XSS