Lucene search
Do NguyenWPEX-ID:12766537-DF59-49D6-815A-4D68265A4C4AHistoryDec 21, 2022 - 12:00 a.m.
WCK < 2.3.3 - Admin+ Stored XSS
2022-12-2100:00:00
Do Nguyen
71
xss
stored xss
wck plugin
admin
payload injection
post type
taxonomy
exploit
0.001 Low
EPSS
Percentile
23.4%
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
1. Create/edit a Post Type via the plugin (wp-admin/admin.php?page=cptc-page) and put the following payload in the "Singular Label" and "Plural Label" fields: <img src onerror=alert(/XSS/)>
The XSS will be triggered in all backend pages.
2. Create/edit a taximony via the plugin (/wp-admin/admin.php?page=ctc-page), put the following payload in the "Singular Label" and "Plural Label" fields: <img src onerror=alert(/XSS/)>, then tick the Attach to 'Post'
The XSS will be triggered when accessing the related taximony via the Post menu (e.g /wp-admin/edit-tags.php?taxonomy=b)
Related
cvelist
cvelist
CVE-2022-4442 WCK < 2.3.3 - Admin+ Stored XSS
2023-01-16 15:37:54
wpvulndb
wpvulndb
WCK < 2.3.3 - Admin+ Stored XSS
2022-12-21 00:00:00
nvd
nvd
CVE-2022-4442
2023-01-16 16:15:11
prion
prion
Cross site scripting
2023-01-16 16:15:00
cve
cve
CVE-2022-4442
2023-01-16 16:15:11