WordPress Plugin Vulnerabilities

Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

Proof of Concept

Put the following payload in the UET Tag ID settings of the plugin: tagid"};}});alert("XSS");</script>

Affects Plugins

Plugin icon
microsoft-advertising-universal-event-tracking-uet
Fixed in 1.0.4

References

CVE
CVE-2022-2170

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Chowdhury Faizal Ahammed
Submitter
Chowdhury Faizal Ahammed
Submitter website
https://www.linkedin.com/in/chowdhury-faizal-ahammed-b09351163/
Submitter twitter
BallerKid07
Verified
Yes
WPVDB ID
6eaef938-ce98-4d57-8a1d-fa9d1ae3d6ed

Timeline

Publicly Published
2022-07-07 (about 1 years ago)
Added
2022-07-07 (about 1 years ago)
Last Updated
2023-04-11 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
Wordpress 2.8.1 - URL Remote Cross-Site Scripting (XSS)
Published
2023-06-05
Title
Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
Published
2016-05-20
Title
brafton WordPress Plugin <=3.4.7 - Reflected XSS
Published
2021-09-27
Title
WooCommerce Product Table Lite < 2.4.0 - Reflected Cross-Site Scripting
Published
2024-04-16
Title
VikBooking Hotel Booking Engine & PMS < 1.6.8 - Reflected Cross-Site Scripting