WordPress Plugin Vulnerabilities
Image Hover Effects < 5.5 - Admin+ Stored XSS
Description
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Proof of Concept
Go to the plugin settings (Image Hover Effects > Image Hover Effects) and put the following payload in any input field (such as Category Name, Caption Description, Caption Heading, etc.) and save: "><img src=x onerror=alert(/XSS/)> The XSS will be triggered when accessing the settings again, as well as in posts/pages where the caption is embedded via shortcode.
Affects Plugins
Fixed in version 5.5
References
Classification
Miscellaneous
Original Researcher
Asif Nawaz Minhas
Submitter
Asif Nawaz Minhas
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-11-16 (about 6 months ago)
Added
2022-11-16 (about 6 months ago)
Last Updated
2023-02-20 (about 3 months ago)