WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

With the plugin setup completed, as administrator, put the payload below in the BPS Security > JTC Lite > "Login Form: CAPTCHA Error message" field and tick the "Enable|Disable JTC For These Forms: " > "Login Form" as well
 
<style>@keyframes x{}</style><article style="animation-name:x" onanimationend="alert(/Stored XSS/)"></article>  

The XSS will be executed on the login page following an incorrect CAPTCHA entry.

Affects Plugins

bulletproof-security
Fixed in version 6.1

References

CVE
CVE-2022-1265

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Fayçal CHENA

Submitter

Fayçal CHENA

Submitter website
https://fafachena.com
Submitter twitter
faycal_chena
Verified

Yes

WPVDB ID
9b66819d-8479-4c0b-b206-7f7ff769f758

Timeline

Publicly Published

2022-04-19 (about 2 months ago)

Added

2022-04-19 (about 2 months ago)

Last Updated

2022-04-19 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin