IgniteUp <= 3.4.1 – Admin+ Stored Cross-Site Scripting | CVE 2022-0898 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues

Proof of Concept

Customise a template from the plugin (/wp-admin/admin.php?page=cscs_templates) and put the following payload in the Paragraph Text or Descriptive Text field (depending on the template): <script>alert(/XSS/)</script>

XSS will be trigged when previewing, as well as when the "Enable Coming Soon or Site Offline" general option is enabled and the frontend is accessed

Affects Plugins

No known fix

References

CVE

YouTube Video

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Kaushalendra Dubey

Submitter

Kaushalendra Dubey

Submitter twitter

Verified

Yes

WPVDB ID

f51d8345-3927-4be2-8145-e201371c8c43

Timeline

Publicly Published

2022-04-13 (about 3 years ago)

Added

2022-04-13 (about 3 years ago)

Last Updated

2022-04-18 (about 3 years ago)

Other

Published

Title

Published

2014-08-01

Title

Better WP Security 3.4.3 - Multiple XSS

Published

2024-03-28

Title

Sydney Toolbox < 1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id

Published

2023-10-25

Title

Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting

Published

2025-01-05

Title

Paytm Payment Donation < 2.3.2 - Reflected Cross-Site Scripting

Published

2024-07-01

Title

Rife Elementor Extensions & Templates < 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget