Simple Theme Options < 1.7 – Admin+ Stored Cross-Site Scripting | CVE 2022-0700 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in any of textarea field settings of the plugin (such as 'Google Analytics'): "><svg onload=alert(/XSS/)>

The XSS will be triggered when accessing the Theme Customizer page (/wp-admin/customize.php)

Affects Plugins

simple-theme-options

Fixed in 1.7

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

fuzzyap1

Submitter

fuzzyap1

Verified

Yes

WPVDB ID

1bf1f255-1571-425c-92b1-02833f6a44a7

Timeline

Publicly Published

2022-02-21 (about 2 years ago)

Added

2022-02-21 (about 2 years ago)

Last Updated

2022-04-13 (about 2 years ago)

Other

Published

Title

Published

2014-08-01

Title

MobileChief - jQuery Validation Cross-Site Scripting

Published

2024-04-23

Title

UDesign <= 4.7.3 - Reflected Cross-Site Scripting

Published

2023-05-02

Title

Add to Feedly <= 1.2.11 - Admin+ Stored XSS

Published

2014-08-01

Title

SS Downloads 1.4.4.1 - templates/emailform.php Multiple Parameter Reflected XSS

Published

2024-02-09

Title

Insert PHP Code Snippet < 1.3.5 - Admin+ Stored XSS