WordPress Plugin Vulnerabilities

Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting

Description

The plugin does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed

Proof of Concept

Put the following payload on the "Menu Name" settings of the plugin: "onmouseover=alert("XSS")//

Affects Plugins

wp-nested-pages

Fixed in version 3.1.21

References

CVE

CVE-2022-1990

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Sachin Bahl from eSec Forte Technologies Pvt Ltd

Submitter

Sachin Bahl from eSec Forte Technologies Pvt Ltd

Submitter website

https://www.linkedin.com/in/sachin-bahl-6072084/

Verified

Yes

WPVDB ID

42f1bf1f-95a8-41ee-a637-88deb80ab870

Timeline

Publicly Published

2022-06-06 (about 9 months ago)

Added

2022-06-06 (about 9 months ago)

Last Updated

2023-03-09 (about 19 days ago)

Our Other Services

WPScan WordPress Security Plugin