NPS computy < 2.7.6 – Admin+ Stored XSS | CVE 2024-1754 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to "Settings > NPS Monitoring" 
2. Add the payload `"><script>alert(3)</script>` in the "Title" field
3. Add the `[nps-computy]` shortcode to a page and view to see the XSS.

Affects Plugins

Fixed in 2.7.6

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

c061e792-e37a-4cf6-b46b-ff111c5a5c84

Timeline

Publicly Published

2024-03-25 (about 1 months ago)

Added

2024-03-25 (about 1 months ago)

Last Updated

2024-04-01 (about 28 days ago)

Other

Published

Title

Published

2022-01-27

Title

Price Table <= 0.2.2 - Contributor+ Stored Cross-Site Scripting

Published

2021-11-08

Title

PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

Published

2022-12-01

Title

Google Apps Login < 3.4.5 - Admin+ Stored XSS

Published

2022-11-17

Title

Flat PM < 3.0.13 - Reflected Cross-Site Scripting

Published

2023-03-20

Title

Simple Giveaways < 2.45.1 - Admin+ Stored XSS