WordPress Plugin Vulnerabilities

Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS

Description

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

 In the settings of the plugin, add the following payload to the text before the form:

<img src onerror=alert(/TESTXSS/)>

Affects Plugins

Plugin icon
comment-form
Fixed in 1.2.1

References

CVE
CVE-2022-3220

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Asif Nawaz Minhas
Submitter
Asif Nawaz Minhas
Submitter website
https://www.hackpertise.com/
Verified
Yes
WPVDB ID
cb6f4953-e68b-48f3-a821-a1d77e5476ef

Timeline

Publicly Published
2022-09-15 (about 1 years ago)
Added
2022-09-15 (about 1 years ago)
Last Updated
2022-09-15 (about 1 years ago)

Other

Published
Title
Published
2024-03-12
Title
ProfilePress < 4.15.3 - Contributor+ Stored Cross-Site Scripting
Published
2022-11-10
Title
WPUpper Share Buttons < 3.43 - Admin+ Stored XSS
Published
2014-08-01
Title
Count Per Day <= 3.1 - map.php map Parameter XSS
Published
2023-02-03
Title
VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS
Published
2023-11-07
Title
Product Visibility by Country for WooCommerce <= 1.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting