Event Timeline <= 1.1.6 – Admin+ Stored Cross-Site Scripting | CVE 2022-1324 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

Create/edit a Timeline, put the following payload in the "Text" field at the bottom: <script>alert(/XSS/)</script>

Click save (below the Text field, not the button on top of the page), then click Update

The XSS will be triggered in post/page where the Timeline is embed

Affects Plugins

rich-event-timeline

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Fayçal CHENA

Submitter

Fayçal CHENA

Submitter website

https://fafachena.com/

Submitter twitter

Verified

Yes

WPVDB ID

2ce2a387-acc8-482a-9452-a4d9acb187fd

Timeline

Publicly Published

2022-07-11 (about 1 years ago)

Added

2022-07-11 (about 1 years ago)

Last Updated

2023-04-11 (about 1 years ago)

Other

Published

Title

Published

2024-02-27

Title

ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Authenticated (Admin+) Cross-Site Scripting

Published

2016-04-12

Title

Simpel Reserveren 3 <= 3.5.2 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2022-01-10

Title

Tutor LMS < 1.9.13 - Reflected Cross-Site Scripting

Published

2021-12-21

Title

Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting

Published

2021-08-25

Title

WordPress Real Media Library < 4.14.2 - Author Stored Cross-Site Scripting