WordPress Plugin Vulnerabilities

WP Meta SEO < 4.4.7 - Admin+ Stored Cross-Site Scripting via breadcrumbs

Description

The plugin does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.

Proof of Concept

Affects Plugins

Plugin icon
wp-meta-seo
Fixed in 4.4.7

References

CVE
CVE-2022-1093

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
2.7 (low)

Miscellaneous

Original Researcher
Victor Pasman
Submitter
Victor Pasman
Verified
Yes
WPVDB ID
57017050-811e-474d-8256-33d19d4c0553

Timeline

Publicly Published
2022-05-02 (about 3 years ago)
Added
2022-05-02 (about 3 years ago)
Last Updated
2022-05-03 (about 3 years ago)

Other

Published
Title
Published
2023-10-16
Title
Mediabay <= 1.6 - Editor+ Stored XSS
Published
2023-04-21
Title
eRocket < 1.2.5 - Admin+ Stored XSS
Published
2016-10-13
Title
Headway Theme < 3.8.9 - Authenticated Cross-Site Scripting (XSS)
Published
2024-06-22
Title
Shortcodes Ultimate Pro < 7.1.5 - Contributor+ Stored Cross-Site Scripting XSS
Published
2020-05-28
Title
bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums list table