Lucene search
Lana CodesWPEX-ID:5AB3FC58-7D1C-4BCD-8BBD-86C62A3F979CHistoryDec 29, 2022 - 12:00 a.m.
GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode
2022-12-2900:00:00
Lana Codes
228
geodirectory
stored xss
shortcode
contributor+
post id
meta key
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Note: First, you need to add a Place, and the id is the post id of the previously added place, and the key is the meta key.
Exploit shortcode:
[gd_post_meta id='1' key='city' css_class='" onmouseover="alert(1)" style="background:red;"']
Related
cvelist
cvelist
CVE-2022-4775 GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode
2023-01-23 14:32:01
wpvulndb
wpvulndb
GeoDirectory < 2.2.22 - Contributor+ Stored XSS via Shortcode
2022-12-29 00:00:00
prion
prion
Cross site scripting
2023-01-23 15:15:00
nvd
nvd
CVE-2022-4775
2023-01-23 15:15:17
cve
cve
CVE-2022-4775
2023-01-23 15:15:17