logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in any of the plugin's settings with a text input:
- v < 6.7.9 - "><script>alert(/XSS/)</script>
- v < 6.8.0 - " onfocus=alert(/XSS/)//

For example in "404 Redirect" > "Redirected to the local URL" > "The URL", "URI Access" > Create > "Enter URL" etc

The XSS will be triggered when accessing the plugin setting again

Affects Plugins

advanced-access-manager

Fixed in version 6.8.0

References

CVE

CVE-2021-24830

URL

https://plugins.trac.wordpress.org/changeset/2616161/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Huy Nguyen

Submitter

Huy Nguyen

Submitter website

https://www.linkedin.com/in/id-laladee/

Verified

Yes

WPVDB ID

1c46373b-d43d-4d18-b0ae-3711fb0be0f9

Timeline

Publicly Published

2021-10-19 (about 1 months ago)

Added

2021-10-19 (about 1 months ago)

Last Updated

2021-10-19 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin