WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WPCargo Track & Trace < 6.9.5 - Reflected Cross Site Scripting

Description

The plugin does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.

Proof of Concept

On a page using the [wpcargo_trackform] shortcode, append the following parameter and payload: wpcargo_tracking_number=%22%3E%3Csvg/onload=alert(/xss/)%3E

e.g: https://example.com/page-with-shortcode/?wpcargo_tracking_number=%22%3E%3Csvg/onload=alert(/xss/)%3E

Affects Plugins

wpcargo
Fixed in version 6.9.5

References

CVE
CVE-2022-1436

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Raul

Submitter

Raul

Verified

Yes

WPVDB ID
d5c6f894-6ad1-46f4-bd77-17ad9234cfc3

Timeline

Publicly Published

2022-04-25 (about 2 months ago)

Added

2022-04-25 (about 2 months ago)

Last Updated

2022-04-25 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin