Login Logout Menu < 1.4.0 – Contributor+ Stored XSS in Shortcode | CVE 2022-4625

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Proof of Concept

Exploit shortcode:

[login_logout_menu__login_logout_link login_logout_class='" onmouseover="alert(1)"']

Affects Plugins

Fixed in 1.4.0

References

CVE

CVE-2022-4625

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

LanaCodes

Verified

Yes

WPVDB ID

cd6657d5-810c-4d0c-8bbf-1f8d4a2d8d15

Timeline

Publicly Published

2022-12-27 (about 1 years ago)

Added

2022-12-27 (about 1 years ago)

Last Updated

2022-12-27 (about 1 years ago)

Other

Published

Title

Published

2023-05-31

Title

Dynamic QR Code Generator <= 0.0.5 - Reflected XSS

Published

2017-07-25

Title

Weblibrarian < 3.4.8.7 - XSS

Published

2023-11-23

Title

Import Spreadsheets from Microsoft Excel < 10.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-01-10

Title

GTranslate < 2.9.7 - Reflected Cross-Site Scripting

Published

2023-10-11

Title

Charitable < 1.7.0.14 - Authenticated(Contributor+) Stored Cross-Site Scripting