SEO Smart Links <= 3.0.1 – Admin+ Stored Cross-Site Scripting | CVE 2022-3135

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the "Whitelisted domains for nofollow exclusion" settings of the plugin: </textarea><script>alert(/XSS/)</script>

Affects Plugins

seo-automatic-links

No known fix

References

CVE

CVE-2022-3135

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Fjowel

Submitter

Fjowel

Verified

Yes

WPVDB ID

3505481d-141a-4516-bdbb-d4dad4e1eb01

Timeline

Publicly Published

2022-09-05 (about 1 years ago)

Added

2022-09-05 (about 1 years ago)

Last Updated

2022-09-05 (about 1 years ago)

Other

Published

Title

Published

2024-03-25

Title

Sina Extension for Elementor < 3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-08-21

Title

Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting

Published

2015-03-26

Title

Flashy Theme <= 1.3 - Cross-Site Scripting (XSS)

Published

2022-02-14

Title

YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting

Published

2014-08-01

Title

Yahoo Updates < 1.0 - XSS vulnerabilities in yupdates_application.php