WordPress Plugin Vulnerabilities

WP Popups < 2.1.4.8 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Proof of Concept

Exploit: [spu-facebook width='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"']

Affects Plugins

Plugin icon
wp-popups-lite
Fixed in 2.1.4.8

References

CVE
CVE-2022-4716

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
24176ad3-2317-4853-b4db-8394384d52cd

Timeline

Publicly Published
2022-12-28 (about 11 months ago)
Added
2022-12-28 (about 11 months ago)
Last Updated
2022-12-28 (about 11 months ago)

Other

Published
Title
Published
2020-07-09
Title
Knight Lab Timeline < 3.7.0.0 - Outdated TimelineJS library could Lead to Stored XSS
Published
2016-06-07
Title
Wordpress Levo-Slideshow 2.3 - Stored Cross-Site Scripting (XSS)
Published
2023-08-21
Title
Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting
Published
2023-01-17
Title
YaMaps for WordPress Plugin < 0.6.26 - Contributor+ Stored XSS
Published
2021-07-05
Title
Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS