WordPress Plugin Vulnerabilities
WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting
Description
The plugin does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.
Proof of Concept
- Log on to the site using a subscriber account. - On the page the shortcode is rendered, click on "Why not add your own race result?" - In the "Event Name" field, enter "><img src=x onerror=alert(1)// >, and fill in & submit the rest of the form. - As an administrator, visit /wp-admin/admin.php?page=wp-athletics-manage-results
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Wejdan Alomari
Submitter
Wejdan Alomari
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-05-17 (about 2 years ago)
Added
2022-05-17 (about 2 years ago)
Last Updated
2022-05-18 (about 2 years ago)