WordPress Plugin Vulnerabilities

IDonate <= 1.9.0 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Navigate to
http://example.com/wp-admin/admin.php?page=idonate-setting-admin
2. Enter payload `"><h1 onclick=alert(1)>XSS</h1>` in Recaptcha secret key
and in Recaptcha Site key
3. Click on save changes.
4. While clicking on the payload text, XSS will trigger.

Affects Plugins

Plugin icon
idonate
No known fix

References

CVE
CVE-2024-3594
URL
https://packetstormsecurity.com/files/#177361/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Laburity Research Team
Submitter
Laburity Research Team
Submitter website
https://laburity.com
Submitter twitter
laburityhq
Verified
Yes
WPVDB ID
7a8a834a-e5d7-4678-9d35-4390d1200437

Timeline

Publicly Published
2024-05-01 (about 1 months ago)
Added
2024-05-01 (about 1 months ago)
Last Updated
2024-05-01 (about 1 months ago)

Other

Published
Title
Published
2023-06-15
Title
WP Matterport Shortcode < 2.1.5 - Contributor+ Stored XSS
Published
2022-01-17
Title
Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
Published
2023-07-24
Title
Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS
Published
2024-04-12
Title
Smart Slider 3 < 3.5.1.23 - Contributor+ Stored XSS via SVG Upload
Published
2014-09-17
Title
Mobiloud < 2.3.8 - Multiple Cross-Site Scripting (XSS)