Hueman Addons <= 2.3.3 – Contributor+ Stored XSS via Shortcode | CVE 2022-4784 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[column size='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"']

Required theme: https://wordpress.org/themes/hueman/ (the shortcode is added only if this theme is used, because according to the wp.org standard, add_shortcode() is plugin territory)

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

a30c6f1e-62fd-493d-ad5e-1b55ceec62a9

Timeline

Publicly Published

2023-01-26 (about 1 years ago)

Added

2023-01-26 (about 1 years ago)

Last Updated

2023-01-26 (about 1 years ago)

Other

Published

Title

Published

2024-04-15

Title

Canva – Design beautiful blog graphics <= 1.2.4 - Reflected Cross-Site Scripting

Published

2021-12-23

Title

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Published

2016-10-10

Title

Simplified Content <= 1.0.0 - XSS

Published

2011-12-11

Title

Disqus Comment System <= 2.68 - Reflected Cross-Site Scripting (XSS)

Published

2023-04-03

Title

Albo Pretorio Online < 4.6.2 - Reflected XSS