WP Page Builder <= 1.2.8 – Admin+ Stored Cross-Site | CVE 2022-3830

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

Navigate to Setting » add the payload: "><img src=x onerror=confirm(document.domain)>, into "Content Width & Gutter" to trigger the popup.

Affects Plugins

wp-pagebuilder

No known fix

References

CVE

CVE-2022-3830

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Vaibhav Koli

Submitter

Vaibhav Koli

Submitter website

https://www.keyloggervk7.com

Submitter twitter

keyloggervk7

Verified

Yes

WPVDB ID

98b2321d-fb66-4e02-9906-63af7b08d647

Timeline

Publicly Published

2022-11-10 (about 1 years ago)

Added

2022-11-10 (about 1 years ago)

Last Updated

2022-11-10 (about 1 years ago)

Other

Published

Title

Published

2023-07-12

Title

Radio Forge Muses Player with Skins <= 2.5 - Reflected Cross-Site Scripting

Published

2016-07-07

Title

WP-EMail <= 2.67.2 - Cross-Site Scripting (XSS)

Published

2022-01-12

Title

Quiz And Survey Master < 7.3.7 - Reflected Cross-Site Scripting

Published

2023-08-23

Title

Radio Station < 2.5.0 - Reflected XSS

Published

2022-03-23

Title

Simple Event Planner < 1.5.5 - Author+ Stored Cross-Site Scripting