WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the realtime script refresh inverval" or "Memcached Server Port" settings and save: "autofocus onfocus=alert(/XSS/)//

(Note: for settings expecting an integer, change the type=number to type=text with the browser inspector to be able to put the payload)

Affects Plugins

wp-server-stats
Fixed in version 1.7.0

References

CVE
CVE-2022-2887

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Mika

Submitter

Mika

Submitter website
https://mikadmin.fr/
Submitter twitter
mika_sec
Verified

Yes

WPVDB ID
237541d5-c1a5-44f2-8e5f-82457b8f9497

Timeline

Publicly Published

2022-08-22 (about 7 months ago)

Added

2022-08-22 (about 7 months ago)

Last Updated

2022-08-22 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin