WordPress Plugin Vulnerabilities

Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the PHP_SELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting.

Proof of Concept

https://example.com/wp-admin/options-general.php/%22%3E%3Csvg/onload=alert(/xss/)%3E?page=ais

Affects Plugins

Plugin icon
advanced-image-sitemap
No known fix

References

CVE
CVE-2022-1216

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
p7e4
Submitter
p7e4
Submitter website
https://github.com/p7e4
Submitter twitter
p7e4_
Verified
Yes
WPVDB ID
31a5b138-3d9e-4cd6-b85c-d20406ab51bd

Timeline

Publicly Published
2022-04-19 (about 2 years ago)
Added
2022-04-19 (about 2 years ago)
Last Updated
2022-04-20 (about 2 years ago)

Other

Published
Title
Published
2024-01-08
Title
GD Rating System < 3.5.1 - Unauthenticated Stored Cross-Site Scripting via IP
Published
2023-12-19
Title
WP Edit Username < 1.0.6 - Admin+ Stored XSS
Published
2024-01-31
Title
Auto Listings < 2.6.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2022-04-04
Title
wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting
Published
2016-07-20
Title
Nofollow Links <= 1.0.10 - Cross-Site Scripting (XSS)