WordPress Plugin Vulnerabilities
WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields
Description
The plugin, used as a companion plugin for the Discy and Himer themes, does not sanitise and escape the city, phone or profile credentials fields when outputting them on the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks.
Proof of Concept
Edit your profile and add the following payload in one of the unescaped fields:
<img src onerror=alert(/XSS/)>
Upon visiting your profile, the XSS will be triggered.
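The missing sanitising and escaping named in the description, shown beside a hardened form in plain PHP. This is an added example, not WPQA's code: the function names and the profile array are hypothetical, and the WordPress helpers mentioned in the comments are the usual equivalents of the plain-PHP calls used here.

```php
<?php
// Added illustration; not WPQA's code. The field names "city" and "phone" come
// from the advisory; function names and the profile array are hypothetical.

// Constructed sample: profile values as a subscriber could have saved them.
$profile = [
    'city'  => '<img src onerror=alert(/XSS/)>', // payload quoted in the advisory
    'phone' => '+1 555 0100',
];

// Unsafe pattern: stored values are concatenated into HTML unchanged.
function render_profile_unsafe(array $p): string {
    return '<li class="city">' . $p['city'] . '</li>'
         . '<li class="phone">' . $p['phone'] . '</li>';
}

// Input side: strip tags and control characters before storing.
// In WordPress, sanitize_text_field() plays this role.
function sanitize_field(string $v): string {
    $v = strip_tags($v);
    $v = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $v);
    return trim($v);
}

// Output side: encode for the HTML context at the point of output.
// In WordPress, esc_html() and esc_attr() play this role.
function esc(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_profile_safe(array $p): string {
    return '<li class="city">' . esc($p['city']) . '</li>'
         . '<li class="phone">' . esc($p['phone']) . '</li>';
}

$unsafe = render_profile_unsafe($profile);
$safe   = render_profile_safe($profile); // escaping alone, data left raw
$clean  = render_profile_safe(array_map('sanitize_field', $profile));

// Report whether a live <img> tag survives in each rendering.
foreach (['unsafe' => $unsafe, 'escaped' => $safe, 'sanitised+escaped' => $clean] as $name => $html) {
    printf("%-18s live tag: %s\n", $name, strpos($html, '<img') !== false ? 'yes' : 'no');
}
echo $safe, PHP_EOL;
```

Escaping at output is the control that closes this bug, since it also covers values stored before any input sanitising was in place.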
Affects Plugins
References
CVE
YouTube Video
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Veshraj Ghimire
Submitter
Veshraj Ghimire
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-04-21 (about 2 years ago)
Added
2022-04-21 (about 2 years ago)
Last Updated
2022-05-07 (about 2 years ago)