WordPress Plugin Vulnerabilities
WPCargo Track & Trace < 6.9.5 - Admin+ Stored Cross Site Scripting
Description
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Proof of Concept
Affected settings pages:
Admin Email Settings -> Client Email Settings -> Domain Email, Mail To, Cc, Bcc, Subject
Admin Email Settings -> Domain Email, Mail To, Subject
The vulnerable parameters are: wpcargo_mail_domain, wpcargo_mail_settings, wpcargo_mail_to, wpcargo_email_cc, wpcargo_email_bcc
Payload: test"><script>alert(document.cookie)</script>test
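As an added example (not WPCargo's own code), one way to close this class of bug in a WordPress settings handler: sanitize each option on save through a register_setting() callback, which runs regardless of the saving user's unfiltered_html capability, and escape the stored value with esc_attr() when it is echoed back into the admin form. The option names are the ones listed in the PoC; the settings group name, the comma-separated list sanitizer and the field renderer are assumptions.

```php
<?php
// Hypothetical hardening of mail settings (added example, not the plugin's code).
// Pattern: sanitize on save, escape on output.

// Cc/Bcc may hold several addresses: keep only entries that sanitize_email()
// accepts, drop everything else (assumed list format, comma-separated).
function wpcargo_hardened_sanitize_email_list( $value ) {
    $clean = array();
    foreach ( explode( ',', (string) $value ) as $addr ) {
        $addr = sanitize_email( trim( $addr ) );
        if ( '' !== $addr ) {
            $clean[] = $addr;
        }
    }
    return implode( ',', $clean );
}

// One sanitizer per option so each only ever stores a value of the expected shape.
function wpcargo_hardened_mail_options() {
    return array(
        'wpcargo_mail_domain'   => 'sanitize_text_field',
        'wpcargo_mail_settings' => 'sanitize_text_field',
        'wpcargo_mail_to'       => 'sanitize_email',
        'wpcargo_email_cc'      => 'wpcargo_hardened_sanitize_email_list',
        'wpcargo_email_bcc'     => 'wpcargo_hardened_sanitize_email_list',
    );
}

// register_setting() applies sanitize_callback before the value reaches the
// database, so the PoC payload is stripped even when an admin submits it.
add_action( 'admin_init', function () {
    foreach ( wpcargo_hardened_mail_options() as $option => $callback ) {
        register_setting( 'wpcargo_mail', $option, array(
            'type'              => 'string',
            'sanitize_callback' => $callback,
        ) );
    }
} );

// Escape on output: esc_attr() encodes ", ', <, > and &, so a stored value can
// never close the value="" attribute or inject markup (defense in depth in case
// an older unsanitized value is still in the database).
function wpcargo_hardened_mail_field( $option ) {
    $value = get_option( $option, '' );
    printf(
        '<input type="text" name="%1$s" id="%1$s" value="%2$s">',
        esc_attr( $option ),
        esc_attr( $value )
    );
}
```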
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Raul
Submitter
Raul
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-04-25
Added
2022-04-25
Last Updated
2023-02-06