Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4 – Authenticated Reflected XSS | CVE 2018-0579 | Plugin Vulnerabilities

Description

There is a reflected XSS vulnerability caused by "Open Graph for Facebook, Google+ and Twitter Card Tags" in the wd_fb_og_error parameter on a GET request when editing a post.

This can be exploited by tricking an authenticated Wordpress administrator into clicking a malicious link.

This vulnerability has been fixed in version 2.2.4.1. To remediate, just update the plugin.

Proof of Concept

Navigate to this link while authenticated as a Wordpress administrator:

https://example.com/wp-admin/post.php?post=20&action=edit&wd_fb_og_status=-2&wd_fb_og_error=<script>alert(1)<%2Fscript>

Affects Plugins

wonderm00ns-simple-facebook-open-graph-tags

Fixed in 2.2.4.1

References

CVE

URL

https://jvn.jp/en/jp/JVN08386386/index.html

URL

https://plugins.trac.wordpress.org/changeset/1861290/wonderm00ns-simple-facebook-open-graph-tags

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Submitter

hakluke

Submitter twitter

Verified

No

WPVDB ID

ca030331-538b-4b3c-bcf9-b5ba33907732

Timeline

Publicly Published

2018-06-20 (about 7 years ago)

Added

2018-06-21 (about 7 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-03-27

Title

LeadConnector < 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-05-07

Title

Link Library < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via link-library Shortcode

Published

2021-03-24

Title

MapifyLite & MapifyPro < 4.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2024-10-07

Title

Easy Mega Menu Plugin for WordPress – ThemeHunk < 1.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2024-11-08

Title

Posts Filter <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting