wpexploit | Manab Jyoti Dowarah | WPEX-ID:5CFBBDDD-D941-4665-BE8B-A54454527571
Mar 18, 2024 - 12:00 a.m.

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings


AI Score: 5.7 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 8.7%)

Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

1. Click SendPress (available in the left-hand menu).
2. Go to Settings => Forms => Create Form => Form Type => Signup, then click Save.
3. The Label parameters of the form are vulnerable to Stored Cross-Site Scripting.
4. Vulnerable parameters: Salutation Label, First Name Label, Last Name Label, Phone Number Label, E-Mail Label, Button Text, Lists Label: multiple lists only and Approval Label.
5. Payload: `"/><img src=x onerror=prompt(document.cookie)>`
6. Inject the above payload into the vulnerable parameters listed above and save.
7. The malicious JavaScript payload executes successfully.
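
The sanitise-on-save and escape-on-output steps that the description says are missing, shown as an added example (not the plugin's code). The function names, field name and markup are hypothetical, and plain PHP functions stand in for WordPress's `sanitize_text_field()` and `esc_attr()`.

```php
<?php
declare(strict_types=1);

// Constructed sample: a label value as saved in the form settings
// (the string quoted in step 5 above).
$saved_label = '"/><img src=x onerror=prompt(document.cookie)>';

// Before (hypothetical): the stored label is concatenated into an attribute as-is,
// so a double quote in the setting ends the attribute and the rest becomes markup.
function render_label_unescaped(string $label): string
{
    return '<input type="text" name="label_firstname" value="' . $label . '" />';
}

// Fix 1, on save: reduce the setting to plain text.
// Assumption: in WordPress this is the job of sanitize_text_field().
function sanitize_label(string $raw): string
{
    $text = strip_tags($raw);
    $text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text) ?? '';
    return trim($text);
}

// Fix 2, on output: encode for the attribute context, whatever was stored.
// Assumption: in WordPress this is esc_attr() (esc_html() for text nodes).
function render_label_escaped(string $label): string
{
    $attr = htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="label_firstname" value="' . $attr . '" />';
}

// Regression check: the only tag allowed in the output is the <input> itself.
function contains_injected_tag(string $html): bool
{
    return preg_match_all('/<[a-zA-Z]/', $html) > 1;
}

foreach ([
    'unescaped'           => render_label_unescaped($saved_label),
    'escaped only'        => render_label_escaped($saved_label),
    'sanitised + escaped' => render_label_escaped(sanitize_label($saved_label)),
] as $name => $html) {
    printf("%-20s injected tag: %s\n  %s\n", $name, contains_injected_tag($html) ? 'yes' : 'no', $html);
}
```

Escaping on output is the control that has to hold regardless of who saved the value, since it also covers settings stored before any save-time filter existed.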
