WordPress Plugin Vulnerabilities

Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

In the plugin's settings, tick 'Custom Button' and put the following payload in the Text field: <img src=x onerror=alert(/XSS/)>

The XSS will be triggered when accessing the plugin's settings page, as well as all frontend pages

Affects Plugins

Plugin icon
printfriendly
Fixed in 5.2.3

References

CVE
CVE-2022-0663

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
muhamad hidayat
Submitter
muhamad hidayat
Submitter website
https://muh-hidayat7799.medium.com/
Submitter twitter
hidesu_ae
Verified
Yes
WPVDB ID
b586b217-f91e-42d3-81f1-cc3ee3a4b01e

Timeline

Publicly Published
2022-05-30 (about 1 years ago)
Added
2022-05-30 (about 1 years ago)
Last Updated
2023-02-23 (about 9 months ago)

Other

Published
Title
Published
2023-09-06
Title
Fitness calculators <= 2.0.7 - Admin+ Stored XSS
Published
2019-10-14
Title
WordPress <= 5.2.3 - Stored XSS in Style Tags
Published
2022-10-29
Title
Glossary <= 3.1.2 - Contributor+ Stored XSS
Published
2022-01-31
Title
Fotobook <= 3.2.3 - Reflected Cross-Site Scripting
Published
2021-09-20
Title
StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting