Namaste! LMS < 2.5.9.4 – Admin+ Stored XSS | CVE 2023-0548 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. Go to Namaste Settings, and at Payment Settings in the Payment currency field, put: "autofocus onfocus=alert(1)//

2. Go to yourpage.com/wp-admin/admin.php?page=namaste_options, and the alert will trigger.

Affects Plugins

Fixed in 2.5.9.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez

Submitter

Felipe Restrepo Rodriguez

Submitter website

https://pfelilpe.com

Submitter twitter

Verified

Yes

WPVDB ID

b6c1ed7a-5b2d-4985-847d-56586b1aae9b

Timeline

Publicly Published

2023-01-31 (about 1 years ago)

Added

2023-01-31 (about 1 years ago)

Last Updated

2023-01-31 (about 1 years ago)

Other

Published

Title

Published

2018-06-18

Title

Media Library Assistant < 2.7.4 - Cross-Site Scripting (XSS)

Published

2022-08-03

Title

Anti-Malware Security and Brute-Force Firewall < 4.21.83 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Alpine PhotoTile For Instagram <= 1.2.6.5 - Cross-Site Scripting (XSS)

Published

2023-03-17

Title

WP Express Checkout < 2.2.9 - Admin+ Stored XSS

Published

2022-07-18

Title

YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting