WordPress Plugin Vulnerabilities

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the "phpMyAdmin on hosting" settings (/wp-admin/admin.php?page=wp-phpmyadmin-extension) of the plugin: "autofocus onfocus=alert(/XSS/)//

Affects Plugins

Plugin icon
wp-phpmyadmin-extension
Fixed in 5.2.0.4

References

CVE
CVE-2022-2407

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
raadfhaddad
Verified
Yes
WPVDB ID
5be611e8-5b7a-4579-9757-45a4c94a53ca

Timeline

Publicly Published
2022-08-01 (about 1 years ago)
Added
2022-08-01 (about 1 years ago)
Last Updated
2023-05-01 (about 7 months ago)

Other

Published
Title
Published
2021-11-15
Title
Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
Published
2023-11-14
Title
Namaste! LMS < 2.6.1.2 - Reflected Cross-Site Scripting
Published
2021-06-07
Title
Nina Forms < 3.5.5 - Reflected Cross-Site Scripting
Published
2023-02-28
Title
Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS
Published
2023-01-03
Title
Justified Gallery < 1.7.1 - Contributor+ Stored XSS via Shortcode