WP Social Sharing <= 2.2 – Admin+ Stored XSS | CVE 2022-4198 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. Go to Settings » WP Social Sharing page of the plugin, enter the following payload into the input box named 'Default share image': x" onerror="alert(/XSS/)"

2. Click 'Save Changes' and refresh the page to see the XSS popup.

Affects Plugins

wp-social-sharing

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

zhangyunpei and Yeting Li VARAS@IIE

Submitter

zhangyunpei

Verified

Yes

WPVDB ID

ba372400-96f7-45a9-9e89-5984ecc4d1e2

Timeline

Publicly Published

2022-12-07 (about 1 years ago)

Added

2022-12-07 (about 1 years ago)

Last Updated

2022-12-07 (about 1 years ago)

Other

Published

Title

Published

2023-04-21

Title

Redirect After Login <= 0.1.9 - Admin+ Stored XSS

Published

2021-10-04

Title

Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting

Published

2023-04-18

Title

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Published

2023-06-01

Title

Bookly < 21.8 - Admin+ Stored Cross-Site Scripting via service titles

Published

2021-12-11

Title

AMP for WP < 1.0.77.32 - Admin+ Stored Cross-Site Scripting