WP Post Popup <= 3.7.3 – Admin+ Stored XSS | CVE 2023-4808 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Enter the following payload in the Close Button field in the plugin settings.

`<img src=s onerror=alert("XSS")>`

Save the settings and visit the homepage to see the XSS.

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Abhijith A

Submitter

Abhijith A

Submitter website

https://www.linkedin.com/in/abhijith-a-2020/

Submitter twitter

Verified

Yes

WPVDB ID

bb8e9f06-477b-4da3-b5a6-4f06084ecd57

Timeline

Publicly Published

2023-10-27 (about 2 years ago)

Added

2023-10-27 (about 2 years ago)

Last Updated

2023-10-27 (about 2 years ago)

Other

Published

Title

Published

2024-05-30

Title

Just Writing Statistics < 4.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2023-05-16

Title

Chaty < 3.1 - Admin+ Stored Cross-Site Scripting

Published

2023-07-13

Title

Buy Me a Coffee < 3.7 - Subscriber+ Stored Cross-Site Scripting

Published

2024-11-08

Title

SV Forms <= 2.0.05 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-08-22

Title

WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS