How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed.

Proof of Concept

In the plugin's settings, active Under Contraction feature, select "Display a custom page using your own HTML" then put the following payload in the "Under Construction Page HTML" field: <svg onload=alert(/XSS/)>

The XSS will be triggered in the homepage (when viewed as non admin)

Affects Plugins

underconstruction

Fixed in version 1.21

References

CVE

URL

https://www.hackpertise.com/cve/39/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

3e8bd875-2435-4a15-8ee8-8a00882b499c

Timeline

Publicly Published

2022-05-26 (about 2 months ago)

Added

2022-05-26 (about 2 months ago)

Last Updated

2022-08-02 (about 17 days ago)

Our Other Services

WPScan WordPress Security Plugin