WPCargo Track & Trace < 6.9.5 – Admin+ Stored Cross Site Scripting | CVE 2022-1435 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Proof of Concept

Admin Email Settings -> Client Email Settings > Domain Email, Mail To, Cc, Bcc, Subject
Admin Email Settings -> Domain Email, Mail To, Subject

The parameter vulnerable is: wpcargo_mail_domain, wpcargo_mail_settings, wpcargo_mail_to,wpcargo_email_cc,wpcargo_email_bcc

Payload: test"><script>alert(document.cookie)</script>test

Affects Plugins

Fixed in 6.9.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Raul

Submitter

Raul

Verified

Yes

WPVDB ID

ef5aa8a7-23a7-4ce0-bb09-d9c986386114

Timeline

Publicly Published

2022-04-25 (about 2 years ago)

Added

2022-04-25 (about 2 years ago)

Last Updated

2023-02-06 (about 1 years ago)

Other

Published

Title

Published

2021-09-13

Title

Comments - wpDiscuz < 7.3.2 - Admin+ Stored Cross-Site Scripting

Published

2024-03-15

Title

WP Armour < 2.1.14 - Reflected XSS

Published

2023-08-09

Title

EmbedPress < 3.8.3 - Contributor+ Stored Cross-Site Scripting via Shortcode

Published

2021-10-18

Title

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

Published

2024-04-15

Title

WP Cost Estimation & Payment Forms Builder < 10.1.76 - Reflected Cross-Site Scripting