SEO 301 Meta <= 1.9.1 – Admin+ Stored Cross-Site Scripting | CVE 2022-0701

Description

The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the Request or Destination settings of the plugin: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

seo-301-meta

No known fix

References

CVE

CVE-2022-0701

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

fuzzyap1

Submitter

fuzzyap1

Verified

Yes

WPVDB ID

68882f81-12d3-4e98-82ff-6754ac4ccfa1

Timeline

Publicly Published

2022-02-21 (about 2 years ago)

Added

2022-02-21 (about 2 years ago)

Last Updated

2022-04-16 (about 2 years ago)

Other

Published

Title

Published

2024-03-07

Title

EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via EmbedPress PDF Widget

Published

2023-08-28

Title

Order Tracking Pro < 3.3.7 - Admin+ Stored Cross-Site Scripting

Published

2024-01-03

Title

PageLayer < 1.7.9 - Contributor+ Stored XSS

Published

2019-04-30

Title

My Calendar <= 3.1.9 - Unauthenticated Cross-Site Scripting (XSS)

Published

2021-09-27

Title

Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting