WordPress Plugin Vulnerabilities

Spacer < 3.0.7 - Admin+ Stored XSS

Description

The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

Proof of Concept

Add new Spacers and add payload "><h1 onclick=alert(document.domain)>Gem</h1> to Settings » Spacer » Add Spacers » New Spacer » Space Title and submit.

Affects Plugins

Plugin icon
spacer
Fixed in 3.0.7

References

CVE
CVE-2022-3618

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
gem
Submitter
gem
Verified
Yes
WPVDB ID
2011dc7b-8e8c-4190-ab34-de288e14685b

Timeline

Publicly Published
2022-10-28 (about 1 years ago)
Added
2022-10-28 (about 1 years ago)
Last Updated
2022-10-28 (about 1 years ago)

Other

Published
Title
Published
2023-03-13
Title
Solidres <= 0.9.4 - Multiple Reflected XSS
Published
2023-01-30
Title
GS Filterable Portfolio < 1.6.1 - Contributor+ Stored XSS
Published
2021-10-25
Title
Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting
Published
2016-11-08
Title
Caldera Forms < 1.4.2 - Cross Site Scripting
Published
2023-10-13
Title
Gutenberg < 16.8.1 - Contributor+ Stored XSS via Navigation Links Block