Amr Users < 4.59.4 – Admin+ Stored Cross-Site Scripting | CVE 2022-1094 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the "Name of list" field in the User Lists > Overview & tools page (/wp-admin/admin.php?page=ameta-admin-overview.php): " style=animation-name:rotation onanimationstart=alert(/XSS/)//

The XSS will be trigged in all backend pages

Affects Plugins

Fixed in 4.59.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Ankur Bakre

Submitter

Ankur Bakre

Submitter website

https://www.linkedin.com/in/ankur-bakre-99320316b/

Verified

Yes

WPVDB ID

3c03816b-e381-481c-b9f5-63d0c24ff329

Timeline

Publicly Published

2022-04-04 (about 2 years ago)

Added

2022-04-04 (about 2 years ago)

Last Updated

2022-04-09 (about 2 years ago)

Other

Published

Title

Published

2022-10-10

Title

Newspaper < 12 - Reflected Cross-Site Scripting

Published

2024-05-01

Title

Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder < 2.5.4 - Contrib+ DOM-Based Cross-Site Scripting

Published

2024-03-28

Title

Better Elementor Addons < 1.4.2 - Contributor+ Stored XSS

Published

2023-01-10

Title

Page View Count < 2.6.1 - Contributor+ Stored XSS

Published

2022-07-04

Title

Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting