Restrict Usernames Emails Characters Plugin < 3.1.4 – Admin+ Stored XSS | CVE 2023-6165 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

1. Access the "Restrict Usernames Emails Characters" settings
2. For the field "The name of the user_login field in registration form", enter the payload `"><img src=1 onerror=alert(/xss/)>`
3. Click "Save Changes" and see the XSS.

Affects Plugins

restrict-usernames-emails-characters

Fixed in 3.1.4

References

CVE

URL

https://github.com/youki992/youki992.github.io/blob/master/others/apply2.md

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Yuhang Liu

Submitter

Yuhang Liu

Verified

Yes

WPVDB ID

aba62286-9a82-4d5b-9b47-1fddde5da487

Timeline

Publicly Published

2024-01-05 (about 4 months ago)

Added

2024-01-05 (about 4 months ago)

Last Updated

2024-01-05 (about 4 months ago)

Other

Published

Title

Published

2022-12-14

Title

Permalink Manager Lite < 2.3.0 - Authenticated Stored XSS

Published

2024-01-16

Title

Shield Security < 18.5.8 - Unauthenticated Stored Cross-Site Scripting

Published

2015-05-14

Title

Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)

Published

2013-12-09

Title

Spider Video Player <= 2.1 - Reflected Cross-Site Scripting (XSS)

Published

2023-05-22

Title

Multiple Plugins from Wow-Company - Reflected XSS