WordPress Plugin Vulnerabilities

Cloud Manager <= 1.0 - Reflected XSS

Description

The plugin does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link.

Proof of Concept

http://example.com/wp-admin/admin.php?page=cloud-gestione-files&ricerca=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Affects Plugins

Plugin icon
cloud-manager
No known fix

References

CVE
CVE-2023-0421

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.6 (critical)

Miscellaneous

Original Researcher
Shreya Pohekar
Submitter
Shreya Pohekar
Submitter website
https://shreyapohekar.com
Submitter twitter
shreyapohekar
Verified
Yes
WPVDB ID
a356fea0-f143-4736-b2b2-c545c525335c

Timeline

Publicly Published
2023-04-12 (about 1 years ago)
Added
2023-04-12 (about 1 years ago)
Last Updated
2023-04-12 (about 1 years ago)

Other

Published
Title
Published
2024-02-28
Title
WPvivid Backup for MainWP < 0.9.33 - Reflected Cross-Site Scripting
Published
2023-09-21
Title
WP-Matomo Integration (WP-Piwik) < 1.0.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2023-01-16
Title
Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode
Published
2023-11-14
Title
Post Status Notifier Lite < 1.11.1 - Reflected Cross-Site Scripting
Published
2024-01-16
Title
WOLF < 1.0.8.1 - Unauthenticated Stored Cross-Site Scripting via profile_title