WordPress Plugin Vulnerabilities

WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the realtime script refresh inverval" or "Memcached Server Port" settings and save: "autofocus onfocus=alert(/XSS/)//

(Note: for settings expecting an integer, change the type=number to type=text with the browser inspector to be able to put the payload)

Affects Plugins

Plugin icon
wp-server-stats
Fixed in 1.7.0

References

CVE
CVE-2022-2887

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Mika
Submitter
Mika
Submitter website
https://mikadmin.fr/
Submitter twitter
mika_sec
Verified
Yes
WPVDB ID
237541d5-c1a5-44f2-8e5f-82457b8f9497

Timeline

Publicly Published
2022-08-22 (about 1 years ago)
Added
2022-08-22 (about 1 years ago)
Last Updated
2023-05-11 (about 1 years ago)

Other

Published
Title
Published
2022-06-14
Title
Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting
Published
2024-04-30
Title
ElementsKit Elementor addons 3.0.7 - 3.1.2 - Contributor+ Stored XSS
Published
2024-04-16
Title
Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting
Published
2024-05-07
Title
HT Mega – Absolute Addons For Elementor < 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tooltip & Popover Widget
Published
2023-05-25
Title
File Renaming on Upload < 2.5.2 - Admin+ Stored Cross-Site Scripting