WordPress Plugin Vulnerabilities

123.chat < 1.3.1 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

In the plugin's "User-ID" setting field, enter the payload:

"></script><script>alert("XSS")</script>

Save the changes and see the XSS.

Affects Plugins

Plugin icon
123-chat-videochat
Fixed in 1.3.1

References

CVE
CVE-2023-4298

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Jonatas Souza Villa Flor
Submitter
Jonatas Souza Villa Flor
Submitter website
https://decriptosec.com/
Submitter twitter
0xp1p3
Verified
Yes
WPVDB ID
36285052-8464-4fd6-b4b1-c175e730edad

Timeline

Publicly Published
2023-08-14 (about 3 months ago)
Added
2023-08-14 (about 3 months ago)
Last Updated
2023-08-14 (about 3 months ago)

Other

Published
Title
Published
2023-05-12
Title
WeebotLite <= 1.0.0 - Admin+ Stored XSS
Published
2023-10-18
Title
Download canvasio3D Light <= 2.4.6 - Reflected XSS
Published
2021-03-17
Title
Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Heading Widget
Published
2020-07-13
Title
Workup – Job Board < 2.1.6 - Unauthenticated Reflected XSS
Published
2022-12-28
Title
Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode