WordPress Plugin Vulnerabilities

Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting

Proof of Concept

On a page where the "Capture box | Rock Convert" widget is present, append ?"><script>alert(/XSS/)</script>, e.g: https://example.com/?"><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
rock-convert
Fixed in 2.6.0

References

CVE
CVE-2022-3440

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.7 (medium)

Miscellaneous

Original Researcher
José Ricardo
Submitter
José Ricardo
Submitter website
https://www.ricard0x.me
Verified
Yes
WPVDB ID
e39fcf30-1e69-4399-854c-4c5b6ccc22a2

Timeline

Publicly Published
2022-10-10 (about 1 years ago)
Added
2022-10-10 (about 1 years ago)
Last Updated
2022-10-10 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
ClickDesk <= 4.3 - Live Chat Widget Multiple Field XSS
Published
2021-09-07
Title
WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting
Published
2021-12-10
Title
WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2024-02-13
Title
Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS
Published
2022-05-18
Title
Code Snippets < 2.14.4 - Reflected Cross-Site Scripting