Adrotate < 5.8.23 – Admin+ XSS via Group Name | CVE 2022-0649 | Plugin Vulnerabilities

Description

The plugin does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Create/edit a group and put the following payload in the Name field: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

The XSS will be triggered when editing the group again

Affects Plugins

Fixed in 5.8.23

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

muhamad hidayat

Submitter

muhamad hidayat

Submitter website

https://muh-hidayat7799.medium.com/

Submitter twitter

Verified

Yes

WPVDB ID

284fbc98-803d-4da5-8920-411eeae4bac8

Timeline

Publicly Published

2022-04-11 (about 2 years ago)

Added

2022-04-11 (about 2 years ago)

Last Updated

2022-04-13 (about 2 years ago)

Other

Published

Title

Published

2023-11-09

Title

Simple Site Verify < 1.0.8 - Admin+ Stored XSS

Published

2022-10-17

Title

eCommerce Product Catalog Plugin for WordPress < 3.0.72 - Reflected XSS

Published

2022-01-18

Title

Translation Exchange <= 1.0.14 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2024-03-29

Title

Favorites < 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2024-05-07

Title

Content Blocks (Custom Post Widget) < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting