WordPress Plugin Vulnerabilities

WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Proof of Concept

Affects Plugins

Plugin icon
wp-born-babies
No known fix

References

CVE
CVE-2022-1506

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Wejdan Alomari
Submitter
Wejdan Alomari
Verified
Yes
WPVDB ID
ee4f6786-27e4-474c-85e0-715b0c0f2776

Timeline

Publicly Published
2022-05-16 (about 3 years ago)
Added
2022-05-16 (about 3 years ago)
Last Updated
2023-02-06 (about 2 years ago)

Other

Published
Title
Published
2024-06-18
Title
EmbedSocial – Social Media Feeds, Reviews and Galleries < 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-22
Title
Front End Users < 3.2.31 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-20
Title
Dynamic "To Top" 3.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2021-08-18
Title
Jock on air now < 5.6.3 - Authenticated Stored Cross-Site Scripting
Published
2024-08-28
Title
The Plus Addons for Elementor Page Builder Lite < 5.6.3 - Authenticated (Author+) Stored Cross-Site Scripting