WordPress Plugin Vulnerabilities

Login Logout Menu <= 1.3.3 - Contributor+ Stored XSS in Shortcode

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[login edit_tag=' onmouseover="alert(1)"']

Affects Plugins

Plugin icon
baw-login-logout-menu
No known fix

References

CVE
CVE-2022-4622

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
ea055ed4-324d-4d77-826a-b6f814413eb2

Timeline

Publicly Published
2023-01-25 (about 1 years ago)
Added
2023-01-25 (about 1 years ago)
Last Updated
2023-01-25 (about 1 years ago)

Other

Published
Title
Published
2023-11-15
Title
Daily Prayer Time < 2023.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Published
2015-10-09
Title
WPBakery Page Builder < 4.7.4 - Multiple Unspecified Cross-Site Scripting (XSS)
Published
2022-01-05
Title
WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS
Published
2024-02-29
Title
Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
Published
2023-02-13
Title
Twitch Player < 2.1.1 - Admin+ Stored XSS