Coming Soon and Maintenance by Colorlib < 1.0.99 – Admin+ Stored Cross Site Scripting | CVE 2022-1945 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the "Google Analytics" settings of the plugin (in the General section): "><img src onerror=alert(/XSS/)>

The XSS will be triggered when accessing the settings again, as well as all frontend page

Affects Plugins

colorlib-coming-soon-maintenance

Fixed in 1.0.99

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Pritam Dash

Submitter

Pritam Dash

Submitter website

https://tthreat.com

Submitter twitter

Verified

Yes

WPVDB ID

4ad297e5-c92d-403c-abf4-9decf7e8378b

Timeline

Publicly Published

2022-05-30 (about 1 years ago)

Added

2022-05-30 (about 1 years ago)

Last Updated

2023-02-26 (about 1 years ago)

Other

Published

Title

Published

2022-12-07

Title

Panda Pods Repeater Field < 1.5.4 - Reflected XSS

Published

2021-08-10

Title

Two Factor Authentication < 1.0.8 - Reflected Cross-Site Scripting

Published

2022-01-18

Title

ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting

Published

2014-08-01

Title

WP Forum Server <= 1.7.3 - fs-admin/fs-admin.php Multiple Parameter XSS

Published

2022-02-09

Title

E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)