Broken Link Checker < 1.11.20 – Admin+ Cross-Site Scripting | CVE 2022-3922 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the Youtube API Key settings and save: test"><script>alert(/XSS/)</script>.

The XSS will be triggered when viewing the settings page again

Affects Plugins

broken-link-checker

Fixed in 1.11.20

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Jihoon Lee (AhnLab)

Submitter

Jihoon Lee (AhnLab)

Verified

Yes

WPVDB ID

78054bd7-cdc2-4b14-9b5c-30f10e802d6b

Timeline

Publicly Published

2022-11-11 (about 1 years ago)

Added

2022-11-11 (about 1 years ago)

Last Updated

2022-12-16 (about 1 years ago)

Other

Published

Title

Published

2014-08-01

Title

BannerMan 0.2.4 - XSS in wp-admin/options-general.php via bannerman_background parameter

Published

2022-09-02

Title

Meet My Team <= 2.0.5 - Contributor+ Stored Cross-Site Scripting

Published

2023-12-26

Title

WP Remote Site Search < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-04-03

Title

Magic Post Thumbnail < 4.1.11 - Reflected XSS

Published

2023-02-15

Title

Upload File Type Settings <= 1.1 - Admin+ Stored XSS