Clipr <= 1.2.3 – Admin+ Stored Cross-Site Scripting | CVE 2022-1559 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the API Key settings of the plugin: '></script><script>alert(/XSS/)</script>

The XSS will be triggered when viewing the settings again, as well as all frontend pages

Affects Plugins

No known fix

References

CVE

URL

https://packetstormsecurity.com/files/#166530/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Hassan Khan Yusufzai - Splint3r7

Verified

Yes

WPVDB ID

99059337-c3cd-4e91-9a03-df32a05b719c

Timeline

Publicly Published

2022-03-30 (about 3 years ago)

Added

2022-03-30 (about 3 years ago)

Last Updated

2022-05-04 (about 3 years ago)

Other

Published

Title

Published

2023-01-11

Title

Send PDF for Contact Form 7 < 0.9.9.2 - Contributor+ Stored XSS via Shortcode

Published

2024-09-30

Title

Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg < 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

Published

2024-10-03

Title

Re:WP < 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2025-04-16

Title

Attendance Manager <= 0.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-01-10

Title

Profile Builder Pro < 3.10.1 - Reflected Cross-Site Scripting