WordPress Plugin Vulnerabilities
Backup and Staging by WP Time Capsule < 1.22.7 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
Proof of Concept
Once the "Server Requirements" are passed in the initial setup process (you can bypass the check for localhosts by editing the is_localhost function in the same file for testing purpose) the vulnerability can be triggered at any time in an admin's panel using an URI with JavaScript content inserted in the error parameter such as : https://example.com/wp-admin/admin.php?page=wp-time-capsule&error="><script>alert(/XSS/)</script>&cloud_auth_action=g_drive
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jeremie Amsellem
Submitter
Jeremie Amsellem
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-12-21 (about 2 years ago)
Added
2021-12-21 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)