WordPress Plugin Vulnerabilities

MonsterInsights < 8.12.1 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

As a contributor, add an "Inline Popular Posts" to a page/post and put the following payload in the Additional CSS class settings of the block: 

" onmouseover="alert(/XSS/)" style="background:red;"

Affects Plugins

Plugin icon
google-analytics-for-wordpress
Fixed in 8.12.1

References

CVE
CVE-2023-0081

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
76d2963c-ebff-498f-9484-3c3008750c14

Timeline

Publicly Published
2023-01-13 (about 10 months ago)
Added
2023-01-13 (about 10 months ago)
Last Updated
2023-01-13 (about 10 months ago)

Other

Published
Title
Published
2014-10-16
Title
Cforms < 13.2 - XSS
Published
2022-05-04
Title
Andrea Pernici News Sitemap for Google <= 1.0.16 - Contributor+ Stored Cross-Site Scripting
Published
2014-08-01
Title
WP Forum Server <= 1.7.3 - fs-admin/wpf-add-forum.php groupid Parameter XSS
Published
2020-05-12
Title
WooCommerce < 4.1.0 - Unescaped Metadata when Duplicating Products
Published
2022-07-04
Title
Booster for WooCommerce < 5.6.2 - Reflected Cross-Site Scripting