WP Attachments < 5.0.6 – Admin+ Stored XSS | CVE 2022-4330

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

Put the following payload in the "List Head" or "Date Format" settings of the plugin and save: "><script>alert(/XSS/)</script>

Affects Plugins

wp-attachments

Fixed in 5.0.6

References

CVE

CVE-2022-4330

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

iohex

Submitter

iohex

Submitter twitter

iohehe

Verified

Yes

WPVDB ID

d3c39e17-1dc3-4275-97d8-543ca7226772

Timeline

Publicly Published

2022-12-21 (about 1 years ago)

Added

2022-12-21 (about 1 years ago)

Last Updated

2023-03-07 (about 1 years ago)

Other

Published

Title

Published

2015-05-20

Title

uDesign Theme 1.8.0-2.7.9 - DOM Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Repagent - dewplayer-vinyl-en.swf xml Parameter XML File H&ling XSS

Published

2024-05-02

Title

ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) < 2.8.8 - Contributor+ Stored XSS

Published

2024-04-24

Title

month name translation benaceur < 2.3.8 - Admin+ Stored XSS

Published

2024-04-01

Title

Genesis Blocks < 3.1.3 - Contributor+ Stored XSS