WordPress Plugin Vulnerabilities

WP Brutal AI < 2.06 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

In the plugin settings, for a campaign title add the payload:

`><audio src=x onerror=confirm("XSS")>`

Create the campaign and the XSS will be executed.

Affects Plugins

Plugin icon
wpbrutalai
Fixed in 2.06

References

CVE
CVE-2023-2606

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Taurus Omar
Submitter
Taurus Omar
Submitter website
https://taurusomar.com
Submitter twitter
@taurusomar_
Verified
Yes
WPVDB ID
62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f

Timeline

Publicly Published
2023-07-19 (about 4 months ago)
Added
2023-07-24 (about 4 months ago)
Last Updated
2023-07-24 (about 4 months ago)

Other

Published
Title
Published
2021-07-30
Title
You Shang <= 1.0.1 - Authenticated Stored Cross-Site Scripting
Published
2014-08-01
Title
Knews 1.2.5 - Unspecified XSS
Published
2022-03-30
Title
Spam protection, AntiSpam, FireWall by CleanTalk < 5.174.1 - Reflected Cross-Site Scripting
Published
2015-08-26
Title
Role Scoper <= 1.3.64 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2021-11-22
Title
Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting