WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP DoNotTrack <= 0.8.8 - Authenticated (admin+) Stored XSS

Description

The plugin does not validate or escape its Blacklist and Whitelist settings, allowing high privilege users such as admin to set JavaScript payload in them, even when the unfiltered_html capability is disallowed, leading to Stored Cross-Site Scripting issues

Proof of Concept

Add the payload below in the Blacklist or Whitelist setting of the plugin (wp-admin/options-general.php?page=dnt_settings_page)

" style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

wp-donottrack
No known fix - plugin closed

References

URL
https://m0ze.ru/vulnerability/[2021-05-03]-[WordPress]-[CWE-79]-WP-DoNotTrack-WordPress-Plugin-v0.8.8.txt

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

m0ze

Verified

Yes

WPVDB ID
c20ae1f2-3880-4f41-8a99-b02a26809e5f

Timeline

Publicly Published

2021-06-13 (about 1 years ago)

Added

2021-06-29 (about 1 years ago)

Last Updated

2022-03-05 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin