WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

As admin, put the following in the plugin's settings: test => "><script>alert(/XSS/)</script>

Tick the "Enable text hover in comments?", post a comment on a post/page with the 'test' word and hover over it to trigger the XSS

Can also edit a post and put the 'test' word in it to achieve the same result

Affects Plugins

text-hover
Fixed in version 4.2

References

CVE
CVE-2022-0737

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Rohan Chaudhari

Submitter

Rohan Chaudhari

Submitter website
https://www.linkedin.com/in/rohan-chaudhari-53aa51174
Verified

Yes

WPVDB ID
a5c9fa61-e6f1-4460-84fe-977a203bd4bc

Timeline

Publicly Published

2022-03-28 (about 4 months ago)

Added

2022-03-28 (about 4 months ago)

Last Updated

2022-04-09 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin