WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Seo By 10Web < 1.2.7 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. Go to SEO by 10Web » Sitemap section.

2. And new URL to the page.

3. Add XSS payload: "><audio src=x onerror=confirm("XSS")>

4. Save to trigger the XSS.

Affects Plugins

seo-by-10web
Fixed in version 1.2.7

References

CVE
CVE-2023-2224

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Taurus Omar

Submitter

Taurus Omar

Submitter website
https://taurusomar.com
Submitter twitter
@TaurusOmar_
Verified

Yes

WPVDB ID
a76b6d22-1e00-428a-8a04-12162bd0d992

Timeline

Publicly Published

2023-05-10 (about 4 months ago)

Added

2023-05-10 (about 4 months ago)

Last Updated

2023-05-10 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin