WordPress Plugin Vulnerabilities
Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting
Description
The plugin does not implement any sanitisation on the color setting of the background of a calculator, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Proof of Concept
1. Go to settings page available under the "Calculator" menu item. 2. Click the "Select Color" button and type the following payload the input space: </style></head><script>alert(/XSS/)</script> 3. Click the "Save Changes" button to save settings. 4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing. 5. Visit the page to trigger XSS.
Affects Plugins
Fixed in version 1.56
References
Classification
Miscellaneous
Original Researcher
Ceylan Bozogullarindan
Submitter
Ceylan Bozogullarindan
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-01-11 (about 5 months ago)
Added
2022-01-11 (about 5 months ago)
Last Updated
2022-04-13 (about 2 months ago)