Click to Top < 1.2.8 – Authenticated Stored Cross-Site Scripting | Plugin Vulnerabilities

Description

The Type scroll text field in the plugin settings page was found to be vulnerable to stored XSS, as they did not sanitize user given input properly before publishing the changes. It is triggered when a user loads any page on the website. All WordPress websites using Click to top WordPress Plugin version 1.2.7 and below are affected.

Proof of Concept

Insert the following payload into the Type scroll text field (Scroll style settings of the plugin): Click To Top</script><script>alert(document.cookie)</script>

Affects Plugins

Fixed in 1.2.8

References

URL

https://packetstormsecurity.com/files/#158901/

URL

https://melbin.in/2020/08/17/stored-xss-vulnerability-in-change-wordpress-click-to-top-plugin/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Melbin K Matthew

Verified

Yes

WPVDB ID

574d8f9b-eb6b-4efd-9924-97e3e80f336a

Timeline

Publicly Published

2020-08-19 (about 5 years ago)

Added

2020-08-19 (about 5 years ago)

Last Updated

2020-12-11 (about 5 years ago)

Other

Published

Title

Published

2024-07-11

Title

WooCommerce Customers Manager < 30.2 - Subscriber+ Stored XSS

Published

2024-11-08

Title

Faltu Testimonial Rotator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-06-08

Title

Gallery Bank <= 4.0.50 - Author+ Stored XSS via Media Upload Module

Published

2024-07-06

Title

WPFavicon <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2017-12-05

Title

Z-URL Preview < 2.0.0 - Cross-Site Scripting (XSS)