WordPress Plugin Vulnerabilities

E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf

Affects Plugins

Plugin icon
e2pdf
Fixed in 1.16.45

References

CVE
CVE-2022-0535
URL
https://plugins.trac.wordpress.org/changeset/2675049/e2pdf

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Mika
Submitter
Mika
Submitter website
https://mikadmin.fr/
Submitter twitter
mika_sec
Verified
Yes
WPVDB ID
a4162e96-a3c5-4f38-a60b-aa3ed9508985

Timeline

Publicly Published
2022-02-09 (about 2 years ago)
Added
2022-02-09 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2019-03-11
Title
Abandoned Cart Lite for WooCommerce < 5.2.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2024-04-10
Title
Popup Like box – Page < 3.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-08-01
Title
Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls
Published
2023-11-30
Title
UserPro < 5.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-04-15
Title
BA Book Everything < 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode