WP DoNotTrack <= 0.8.8 – Authenticated (admin+) Stored XSS | Plugin Vulnerabilities

Description

The plugin does not validate or escape its Blacklist and Whitelist settings, allowing high privilege users such as admin to set JavaScript payload in them, even when the unfiltered_html capability is disallowed, leading to Stored Cross-Site Scripting issues

Proof of Concept

Add the payload below in the Blacklist or Whitelist setting of the plugin (wp-admin/options-general.php?page=dnt_settings_page)

" style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

No known fix

References

URL

https://m0ze.ru/vulnerability/[2021-05-03]-[WordPress]-[CWE-79]-WP-DoNotTrack-WordPress-Plugin-v0.8.8.txt

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

m0ze

Verified

Yes

WPVDB ID

c20ae1f2-3880-4f41-8a99-b02a26809e5f

Timeline

Publicly Published

2021-06-13 (about 4 years ago)

Added

2021-06-29 (about 4 years ago)

Last Updated

2022-03-05 (about 3 years ago)

Other

Published

Title

Published

2025-03-31

Title

Cal.com <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-22

Title

Easy Charts < 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-04-24

Title

PDF Invoices & Packing Slips for WooCommerce < 3.8.1 - Unauthenticated Stored Cross-Site Scripting

Published

2024-05-08

Title

Playlist for Youtube < 1.40 - Editor+ Stored XSS

Published

2024-11-22

Title

Formidable Forms < 6.16.2 - Reflected Cross-Site Scripting via Custom HTML Form Parameter