All-in-One Addons for Elementor – WidgetKit < 2.4.4 – Admin+ Stored XSS | CVE 2022-4256 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Go to WidgetKit -> API Keys, put the following payload in the fields and click Activate: "><script>alert(/xss/)</script><

The XSS will be triggered when accessing the page again

Affects Plugins

widgetkit-for-elementor

Fixed in 2.4.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

iohex

Submitter

iohex

Submitter twitter

Verified

Yes

WPVDB ID

f5b17c68-c2b0-4d0d-bb7b-19dc30511a89

Timeline

Publicly Published

2022-12-06 (about 1 years ago)

Added

2022-12-06 (about 1 years ago)

Last Updated

2022-12-06 (about 1 years ago)

Other

Published

Title

Published

2022-08-10

Title

SP Project & Document Manager < 4.62 - Reflected Cross-Site Scripting

Published

2017-01-26

Title

WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table

Published

2021-04-16

Title

All 404 Redirect to Homepage < 1.21 - Authenticated Reflected Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Blue Wrench Video Widget 1.0.2 - Multiple Stored Cross-Site Scripting (XSS)

Published

2016-09-07

Title

WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename