WordPress Plugin Vulnerabilities
Popup Maker < 1.16.9 - Contributor+ Stored XSS via Shortcode
Description
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
Proof of Concept
As a user with the Contributor or above, create a new Popup (in Popup Maker menu) with "content" field containing [popup_close tag="script"]alert(/XSS/)[/popup_close]. The XSS will be triggered when previewing the Popup, as well as in Frontend pages (once the popup is published) Alternatively, the shortcode can also be put directly in any post/page and the XSS will be triggered when the post/page will be previewed/viewed
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Tin Pham aka TF1T
Submitter
Tin Pham aka TF1T
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-09-23 (about 1 years ago)
Added
2022-12-08 (about 1 years ago)
Last Updated
2022-12-08 (about 1 years ago)