WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Get Your Number <= 1.1.3 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. In the plugin's settings, enter the payload "><script>alert(1)</script> in the event_name field.
2. Reload the page and see the XSS.

Affects Plugins

get-your-number
No known fix - plugin closed

References

CVE
CVE-2023-2634

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ilyase Dehy and Aymane Mazguiti

Submitter

Ilyase Dehy and Aymane Mazguiti

Verified

Yes

WPVDB ID
1df111aa-6057-47a2-8e8b-9ef5ec3bb472

Timeline

Publicly Published

2023-05-12 (about 4 months ago)

Added

2023-05-12 (about 4 months ago)

Last Updated

2023-05-12 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin