WordPress Plugin Vulnerabilities

Front Editor <= 4.4.1 - Admin+ Stored XSS

Description

The plugin does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Add a new form.
2. For the "Post Title", add a "Label" of: <img src=x onerror=alert(/XSS/); >, or <script>alert(/XSS/)</script>
3. Save the form.
4. Edit the form and see JavaScript code executed.

Affects Plugins

Plugin icon
front-editor
No known fix

References

CVE
CVE-2023-1982

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Vikas Kumawat
Submitter
Vikas Kumawat
Submitter twitter
Vikas45139644
Verified
Yes
WPVDB ID
51987966-8007-4e12-bc2e-997b92054739

Timeline

Publicly Published
2023-08-02 (about 9 months ago)
Added
2023-08-02 (about 9 months ago)
Last Updated
2024-02-21 (about 2 months ago)

Other

Published
Title
Published
2016-07-24
Title
Code Snippets < 2.7.0 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2022-08-22
Title
WP-UserOnline < 2.88.1 - Admin+ Stored Cross-Site Scripting
Published
2023-04-19
Title
Ebook Store < 5.78 - Admin+ Stored XSS
Published
2023-03-21
Title
Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations < 5.0.6.4 - Reflected Cross-Site Scripting
Published
2023-01-12
Title
Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting