Font Awesome 4 Menus <= 4.7.0 – Admin+ Stored XSS | CVE 2022-3829 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

Put the following payload in the "A custom location" settings of the plugin: 123" onmouseenter=alert(/XSS/) "

The XSS will be triggered when accessing the settings page again and moving the mouse over the input box

Affects Plugins

font-awesome-4-menus

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

zhangyunpei

Submitter

zhangyunpei

Verified

Yes

WPVDB ID

684941ad-541f-43f9-a7ef-d26c0f4e6e21

Timeline

Publicly Published

2022-11-02 (about 1 years ago)

Added

2022-11-02 (about 1 years ago)

Last Updated

2022-11-02 (about 1 years ago)

Other

Published

Title

Published

2024-04-09

Title

Elementor Addons by Livemesh < 8.3.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute

Published

2019-07-22

Title

Ultimate Member <= 2.0.53 - Cross-Site Scripting (XSS)

Published

2015-04-26

Title

WordPress <= 4.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

Published

2019-05-06

Title

W3 Total Cache <= 0.9.7.3 - Cross-Site Scripting (XSS)

Published

2015-10-05

Title

Easy2Map < 1.3.0 - Reflected Cross-Site Scripting (XSS)