WordPress Plugin Vulnerabilities

Slimstat Analytics < 4.9.3 - Unauthenticated Stored XSS

Description

The plugin does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs

Proof of Concept

As an unauthenticated user, open the following URL https://example.com/?s="><script>alert(/XSS/)</script>

The XSS will be triggered when an admin view the Real Time menu and click on the related access log.

Affects Plugins

Plugin icon
wp-slimstat
Fixed in 4.9.3

References

CVE
CVE-2022-4310

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Bilal Chawich
Submitter
Bilal Chawich
Submitter website
https://www.hacksclusive.com/
Submitter twitter
https://twitter.com/Jupiter3301
Verified
Yes
WPVDB ID
b1aef75d-0c84-4702-83fc-11f0e98a0821

Timeline

Publicly Published
2022-12-19 (about 1 years ago)
Added
2022-12-19 (about 1 years ago)
Last Updated
2022-12-19 (about 1 years ago)

Other

Published
Title
Published
2015-07-29
Title
qTranslate <= 2.5.39 - Cross-Site Scripting (XSS)
Published
2023-06-26
Title
SimpleModal Contact Form (SMCF) <= 1.2.9 - Admin+ Stored XSS
Published
2015-05-09
Title
Roomcloud v1.1(rev @1115307) - Cross-Site Scripting (XSS)
Published
2020-05-11
Title
ImageBoss < 3.0.6 - Admin+ Stored Cross-Site Scripting
Published
2017-11-11
Title
WP Mail Logging <= 1.8.2 - Stored Cross-Site Scripting