Arigato Autoresponder and Newsletter < 2.1.7.2 – Admin+ Stored XSS | CVE 2023-0543 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

1. Go to the Mailing list option and register a new user with the value "autofocus onfocus=alert(1)// on the email and name fields
2. Click on edit subscriber, and the XSS will be reflected

Affects Plugins

bft-autoresponder

Fixed in 2.1.7.2

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez, Joaquin Pochat y Gabriel Calle

Submitter

Felipe Restrepo Rodriguez, Joaquin Pochat y Gabriel Calle

Submitter website

https://pfelilpe.com

Submitter twitter

Verified

Yes

WPVDB ID

e3771938-40b5-4e8b-bb5a-847131a2b4a7

Timeline

Publicly Published

2023-01-31 (about 2 years ago)

Added

2023-01-31 (about 2 years ago)

Last Updated

2023-01-31 (about 2 years ago)

Other

Published

Title

Published

2022-03-01

Title

dTabs <= 1.4 - Reflected Cross-Site Scripting

Published

2024-12-11

Title

Simple Payment < 2.3.8 - Reflected Cross-Site Scripting

Published

2023-05-15

Title

Survey Maker < 3.4.7 - Reflected XSS

Published

2024-01-19

Title

GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting

Published

2024-12-17

Title

Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS