WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape its "Lazyload background images for selectors" settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Media > Optimole > Advanced > Lazyload > Lazyload background images for selectors settings: </sCriPT><sVg ONLoAd=confirm(1)//

The XSS will be triggered in each page of the frontend, as well as in the admin dashboard

Affects Plugins

optimole-wp
Fixed in version 3.3.2

References

CVE
CVE-2022-0969
URL
https://plugins.trac.wordpress.org/changeset/2695242

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Mika

Submitter

Mika

Submitter website
https://mikadmin.fr/
Submitter twitter
mika_sec
Verified

Yes

WPVDB ID
59a7a441-7384-4006-89b4-15345f70fabf

Timeline

Publicly Published

2022-03-21 (about 1 years ago)

Added

2022-03-21 (about 1 years ago)

Last Updated

2022-04-11 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin