WordPress Plugin Vulnerabilities

ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode

Description

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Proof of Concept

[clickfunnels_embed url="javascript:alert(1)"]

Affects Plugins

Plugin icon
clickfunnels
No known fix

References

CVE
CVE-2022-4782

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
d3a0468a-8405-4b6c-800f-abd5ce5387b5

Timeline

Publicly Published
2023-04-26 (about 1 years ago)
Added
2023-04-26 (about 1 years ago)
Last Updated
2023-04-26 (about 1 years ago)

Other

Published
Title
Published
2024-03-25
Title
Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin < 1.26.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-06-06
Title
Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting
Published
2023-10-09
Title
Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode
Published
2023-12-26
Title
WP Remote Site Search < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-10
Title
Save as Image < 3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting