WordPress Plugin Vulnerabilities

Interactive Medical Drawing of Human Body < 2.6 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Link settings of a body party and save the change: "></script><script>alert(/XSS-link/)</script>

Affects Plugins

Plugin icon
interactive-medical-drawing-of-human-body
Fixed in 2.6

References

CVE
CVE-2022-0388

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Rubina Shaikh
Submitter
Rubina Shaikh
Submitter website
https://www.linkedin.com/in/rubina-shaikh-70b852166/
Verified
Yes
WPVDB ID
7d4ad1f3-6d27-4655-9796-ce370ef5fced

Timeline

Publicly Published
2022-03-07 (about 2 years ago)
Added
2022-03-07 (about 2 years ago)
Last Updated
2022-06-17 (about 1 years ago)

Other

Published
Title
Published
2023-02-28
Title
WP No External Links <= 1.0.2 - Admin+ Stored XSS
Published
2021-09-28
Title
Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting
Published
2023-09-06
Title
Newsletter < 7.9.0 - Contributor+ Stored XSS
Published
2023-03-16
Title
Newsmag <= 2.4.4 - Subscriber+ Reflected Cross-Site Scripting
Published
2019-07-03
Title
MyBookTable <= 3.2.2 - Multiple XSS