WordPress Plugin Vulnerabilities

Adrotate < 5.8.23 - Admin+ XSS via Advert Name

Description

The plugin does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Create/edit an Advert and put the following payload in the Name field: "><img src=x onerror=alert(/XSS/)>

The XSS will be triggered when accessing the Manage Adverts page

Affects Plugins

Plugin icon
adrotate
Fixed in 5.8.23

References

CVE
CVE-2022-0662

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Muhamad Hidayat
Submitter
muhamad hidayat
Submitter website
https://muh-hidayat7799.medium.com/
Submitter twitter
hidesu_ae
Verified
Yes
WPVDB ID
27ad58ba-b648-41d9-8074-16e4feeaee69

Timeline

Publicly Published
2022-04-11 (about 2 years ago)
Added
2022-04-11 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2022-07-18
Title
DW Promobar <= 1.0.4 - Admin+ Stored Cross-Site Scripting
Published
2024-05-10
Title
Sticky banner < 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-06-05
Title
Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS
Published
2023-01-31
Title
ShortPixel Adaptive Images < 3.6.3 - Reflected XSS
Published
2022-05-27
Title
Export All URLs < 4.2 - Editor+ Stored Cross-Site Scripting