Alemha Watermarker <= 1.3.1 – Author+ Stored XSS | CVE 2024-3754 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. As an "author" level user, add a new watermark: https://example.com/wp-admin/post-new.php?post_type=watermark
2. For the field "watermark text" field, enter the payload: `"><script>alert(1)</script>`
3. Save and see the XSS

Affects Plugins

alemha-watermark

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erdemstar

Submitter

Erdemstar

Submitter website

https://erdemstar.com.tr

Verified

Yes

WPVDB ID

8c6f3e3e-3047-4446-a190-750a60c29fa3

Timeline

Publicly Published

2024-05-24 (about 1 year ago)

Added

2024-05-24 (about 1 year ago)

Last Updated

2024-05-24 (about 1 year ago)

Other

Published

Title

Published

2024-06-22

Title

WordPress Plugin Tournamatch < 4.6.1 - Admin+ Stored XSS via Ladders

Published

2025-07-09

Title

Gwolle Guestbook < 4.9.3 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter

Published

2025-02-26

Title

Card Elements for Elementor < 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget

Published

2024-02-21

Title

Elementor Addon Elements < 1.13 - Contributor+ Stored XSS

Published

2014-08-01

Title

Eunice - Unspecified XSS