WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Uji Countdown < 2.3.1 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. In the settings of the plugin add the payload in the input boxes: 123" onmouseenter=alert(/XSS/) " and save the changes.
2. Refresh or re-enter the page and move the mouse over the input box to get the XSS trigger.

Affects Plugins

uji-countdown
Fixed in version 2.3.1

References

CVE
CVE-2022-3837

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

zhangyunpei

Submitter

zhangyunpei

Verified

Yes

WPVDB ID
8554ca79-5a4b-49df-a75f-5faa4136bb8c

Timeline

Publicly Published

2022-11-10 (about 6 months ago)

Added

2022-11-10 (about 6 months ago)

Last Updated

2023-03-15 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin