WordPress Plugin Vulnerabilities

SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the Request or Destination settings of the plugin: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

seo-301-meta

No known fix - plugin closed

References

CVE

CVE-2022-0701

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

fuzzyap1

Submitter

fuzzyap1

Verified

Yes

WPVDB ID

68882f81-12d3-4e98-82ff-6754ac4ccfa1

Timeline

Publicly Published

2022-02-21 (about 4 months ago)

Added

2022-02-21 (about 4 months ago)

Last Updated

2022-04-16 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin