Coming Soon – Under Construction <= 1.2.0 – Admin+ Stored Cross-Site Scripting | CVE 2022-1322 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Proof of Concept

As admin, put the following payload in the "More text information" settings of the plugin: <img src onerror=alert(/XSS/)>

The XSS will be triggered in the frontend when in Coming Soon Mode

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Fayçal CHENA

Submitter

Fayçal CHENA

Submitter website

https://fafachena.com/

Submitter twitter

Verified

Yes

WPVDB ID

e1724471-26bd-4cb3-a279-51783102ed0c

Timeline

Publicly Published

2022-07-26 (about 1 years ago)

Added

2022-07-26 (about 1 years ago)

Last Updated

2023-04-23 (about 1 years ago)

Other

Published

Title

Published

2023-12-27

Title

Active Products Tables for WooCommerce < 1.0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-03-13

Title

Beaver Builder Addons by WPZOOM < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget

Published

2024-04-22

Title

Royal Elementor Addons and Templates < 1.3.972 - Contributor+ DOM-Based Stored Cross-Site Scripting

Published

2024-03-27

Title

Salon booking system < 9.6.3 - Unauthenticated Stored XSS

Published

2023-07-12

Title

Variation Images Gallery for WooCommerce < 2.3.4 - Reflected Cross-Site Scripting