WP24 Domain Check < 1.6.3 – Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin version 1.6.2 and possibly below, was vulnerable to Stored Cross-Site Scripting (XSS) in the plugin's fieldnameDomain settings parameter.

The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability.

Proof of Concept

In the plugin's advanced settings (wp-admin/options-general.php?page=wp24_domaincheck_settings&tab=advanced), put the following payload in the Domain fieldname input:
" onfocus=alert(/XSS/); autofocus=

Affects Plugins

wp24-domain-check

Fixed in 1.6.3

References

Exploitdb

49377

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.4 (medium)

Miscellaneous

Original Researcher

Mehmet Kelepce

Verified

WPVDB ID

4c4075de-c6e0-4130-8cad-a4ea5311f5ea

Timeline

Publicly Published

2021-01-06 (about 3 years ago)

Added

2021-01-11 (about 3 years ago)

Last Updated

2021-01-26 (about 3 years ago)

Other

Published

Title

Published

2023-05-11

Title

Add Posts to Pages <= 1.4.1 - Contributor+ Stored XSS

Published

2021-05-10

Title

LifterLMS < 4.21.1 - Reflected Cross-Site Scripting (XSS) via Coupon Code in Checkout

Published

2021-08-31

Title

CF Geo Plugin < 7.13.12 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Covert Videopress - VideoJS Cross-Site Scripting

Published

2023-10-18

Title

User Location and IP <= 1.7 - Contributor+ Stored XSS