WordPress Plugin Vulnerabilities

WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS

Description

The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well.

Proof of Concept

Affects Plugins

Plugin icon
wp-total-hacks
No known fix

References

CVE
CVE-2022-3096

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
https://daniel-ruf.de
Verified
Yes
WPVDB ID
46996537-a874-4b2e-9cd7-7d0832f9704d

Timeline

Publicly Published
2022-10-10 (about 3 years ago)
Added
2022-10-10 (about 3 years ago)
Last Updated
2022-10-10 (about 3 years ago)

Other

Published
Title
Published
2024-12-11
Title
Hash Form < 1.2.2 - Missing Authorization to Authenticated (Contributor+) Form Style Creation
Published
2024-06-06
Title
Radcliffe 2 < 2.0.18 - Missing Authorization
Published
2024-05-31
Title
QQWorld Auto Save Images <= 1.9.8 - Missing Authorization to Arbitrary Post Content Retrieval
Published
2024-01-05
Title
Booster Elite for WooCommerce < 7.1.2 - Missing Authorization to Order Information Disclosure
Published
2024-07-31
Title
FundEngine – Donation and Crowdfunding Platform < 1.7.1 - Authenticated (Subscriber+) Privilege Escalation