
wpexploit | Numan Rajkotiya | WPEX-ID: 090A3922-FEBC-4294-82D2-D8339D461893
History: Jan 17, 2023 - 12:00 a.m.

Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

2023-01-17 00:00:00
Numan Rajkotiya
Tags: calculated fields form, admin, stored cross-site scripting, dropdown fields, wordpress

EPSS: 0.0004 (Low), Percentile: 14.2%

The plugin does not sanitise and escape some of its form settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). Partial fixes were implemented in versions 1.1.148, 1.1.150, and 1.1.151.

The following steps work on version 1.1.147, before any partial fixes.

1. Go to the "Calculated Fields Form" page in WP Admin.
2. Under "New Form", add an "Item Name" and choose "From Template".
3. Choose the template "DropDown fields with Images" and click "Use It".
4. Click on the first field (`fieldname1`) and in the Field Settings sidebar on the left, change the `Text` field on one of the choices to `<img src="x" onerror=alert(/XSS/)>`.
5. After saving, either preview the form or view a post/page that embeds the form to trigger the XSS.
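The pattern behind the steps above, shown as an added example rather than the plugin's own code: a dropdown choice label saved in the form settings is later written into the form's HTML. The function and field names here are hypothetical, and the stored settings are a constructed sample that reuses the payload from step 4. The vulnerable renderer concatenates the label into markup unchanged, so the `<img>` element survives and its `onerror` handler runs when the form is displayed; the hardened renderer escapes every stored string for the context it lands in, so the same label is shown as inert text.

```javascript
// Added example, not code from the Calculated Fields Form plugin.
// Names (storedField, renderDropdownVulnerable, renderDropdownSafe) are hypothetical.

// Constructed sample of stored form settings, using the advisory's payload
// as the "Text" of the second choice of fieldname1.
const storedField = {
  name: 'fieldname1',
  choices: [
    { value: '1', text: 'Option one' },
    { value: '2', text: '<img src="x" onerror=alert(/XSS/)>' },
  ],
};

// Minimal HTML escaping covering the five characters that matter inside
// element content and double-quoted attribute values.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;');
}

// Vulnerable pattern: stored strings are written into the markup as-is,
// so an admin-supplied label becomes live HTML.
function renderDropdownVulnerable(field) {
  const opts = field.choices
    .map(c => `<option value="${c.value}">${c.text}</option>`)
    .join('');
  return `<select name="${field.name}">${opts}</select>`;
}

// Hardened pattern: every stored string is escaped before it is emitted,
// regardless of who saved it or which capabilities they hold.
function renderDropdownSafe(field) {
  const opts = field.choices
    .map(c => `<option value="${escapeHtml(c.value)}">${escapeHtml(c.text)}</option>`)
    .join('');
  return `<select name="${escapeHtml(field.name)}">${opts}</select>`;
}

// Check used to compare the two outputs: does the rendered HTML contain an
// element start tag that only the injected label could have introduced?
function containsInjectedTag(html, tag) {
  return new RegExp(`<${tag}\\b`, 'i').test(html);
}

console.log('vulnerable:', renderDropdownVulnerable(storedField));
console.log('hardened:  ', renderDropdownSafe(storedField));
console.log('img tag survives (vulnerable):',
  containsInjectedTag(renderDropdownVulnerable(storedField), 'img'));
console.log('img tag survives (hardened):  ',
  containsInjectedTag(renderDropdownSafe(storedField), 'img'));
```

In a WordPress plugin the same split is between echoing a saved option verbatim and passing it through `esc_html()` for element content or `esc_attr()` for attribute values at output time; the `unfiltered_html` capability only governs what gets stored, which is why the hardened renderer escapes on output rather than relying on the admin's input having been filtered.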
