WordPress Plugin Vulnerabilities

DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Go the DSGVO AIO > Settings Cookie Notice settings and enabled them, then put the following payload in any of the Button Text settings (such as "Button Text (Accept)", "Button Text (Personalize)" and "Button Text (Reject)"): <img src onerror=alert(/XSS/)> 

The XSS will be trigged in any frontend page

Affects Plugins

Plugin icon
dsgvo-all-in-one-for-wp
Fixed in 4.2

References

CVE
CVE-2022-2628

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Asif Nawaz Minhas
Submitter
Asif Nawaz Minhas
Submitter website
https://www.hackpertise.com/
Verified
Yes
WPVDB ID
e712f83e-b437-4bc6-9511-2b0290ed315d

Timeline

Publicly Published
2022-09-12 (about 1 years ago)
Added
2022-09-12 (about 1 years ago)
Last Updated
2022-09-13 (about 1 years ago)

Other

Published
Title
Published
2023-12-07
Title
Multiple Plugins by KlbTheme - Reflected Cross-Site Scripting
Published
2023-05-11
Title
LetterPress <= 1.2.1 - Admin+ Stored Cross-Site Scripting
Published
2022-03-09
Title
Profile Builder < 3.6.8 - Admin+ Stored Cross-Site Scripting
Published
2022-09-05
Title
Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting
Published
2018-04-24
Title
Responsive Cookie Consent <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS)