Popup Maker < 1.16.11 – Contributor+ Stored Cross Site Scripting | CVE 2022-3690 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins

Proof of Concept

Create a New popup
Insert pop-up name, title, and body text. 
Add a new trigger with default settings, choose "Click Open" and under "On Popup Close" then click add.
Click add new cookie and in the cookie name add the payload as cookie name: <script>alert("XSS")</script>
The XSS will be triggered when editing a trigger

Affects Plugins

Fixed in 1.16.11

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

c3p0d4y

Submitter

c3p0d4y

Submitter twitter

https://twitter.com/c3p01337

Verified

Yes

WPVDB ID

725f6ae4-7ec5-4d7c-9533-c9b61b59cc2b

Timeline

Publicly Published

2022-10-31 (about 1 years ago)

Added

2022-10-31 (about 1 years ago)

Last Updated

2022-12-08 (about 1 years ago)

Other

Published

Title

Published

2024-01-16

Title

Post views Stats <= 1.3 - Reflected Cross-Site Scripting via from and to

Published

2016-07-14

Title

WP No External Links <= 3.5.15 - Cross-Site Scripting (XSS)

Published

2023-01-20

Title

ProfilePress < 4.5.4 - Admin+ Stored XSS

Published

2022-10-17

Title

WP < 6.0.3 - Stored XSS via RSS Widget

Published

2023-01-19

Title

User Meta Manager <= 3.4.9 - Reflected XSS