Get Your Number <= 1.1.3 – Admin+ Stored XSS | CVE 2023-2634

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. In the plugin's settings, enter the payload "><script>alert(1)</script> in the event_name field.
2. Reload the page and see the XSS.

Affects Plugins

get-your-number

No known fix

References

CVE

CVE-2023-2634

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Ilyase Dehy and Aymane Mazguiti

Submitter

Ilyase Dehy and Aymane Mazguiti

Verified

Yes

WPVDB ID

1df111aa-6057-47a2-8e8b-9ef5ec3bb472

Timeline

Publicly Published

2023-05-12 (about 1 years ago)

Added

2023-05-12 (about 1 years ago)

Last Updated

2023-05-12 (about 1 years ago)

Other

Published

Title

Published

2024-02-02

Title

Easy Digital Downloads < 3.2.7 - Shop Manager+ Stored XSS

Published

2022-05-30

Title

Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

Published

2022-09-26

Title

Sabai Discuss < 1.4.14 - Reflected Cross Site Scripting

Published

2014-08-01

Title

Video Metabox 1.1 - Stored Cross-Site Scripting (XSS)

Published

2023-05-30

Title

Call Now Icon Animate <= 0.1.0 - Admin+ Stored XSS