WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Amr Users < 4.59.4 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the "Name of list" field in the User Lists > Overview & tools page (/wp-admin/admin.php?page=ameta-admin-overview.php): " style=animation-name:rotation onanimationstart=alert(/XSS/)//

The XSS will be trigged in all backend pages

Affects Plugins

amr-users
Fixed in version 4.59.4

References

CVE
CVE-2022-1094

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ankur Bakre

Submitter

Ankur Bakre

Submitter website
https://www.linkedin.com/in/ankur-bakre-99320316b/
Verified

Yes

WPVDB ID
3c03816b-e381-481c-b9f5-63d0c24ff329

Timeline

Publicly Published

2022-04-04 (about 3 months ago)

Added

2022-04-04 (about 3 months ago)

Last Updated

2022-04-09 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin