wpexploit | Erdemstar | WPEX-ID:8C6F3E3E-3047-4446-A190-750A60C29FA3
May 24, 2024 - 12:00 a.m.

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS


AI Score: 5.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the `unfiltered_html` capability is disallowed (for example in multisite setup).

1. As an "author" level user, add a new watermark: https://example.com/wp-admin/post-new.php?post_type=watermark
2. In the "watermark text" field, enter the payload: `"><script>alert(1)</script>`
3. Save and see the XSS
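
The fix the description implies, as an added example that is not the plugin's own code: the stored watermark text is sanitised on save and escaped on output. It assumes the value is echoed into an `<input>` value attribute (which the payload's leading `">` suggests); the function names and the `watermark_text` field name are hypothetical, and the fallbacks stand in for WordPress's `sanitize_text_field()` and `esc_attr()` so the file also runs under plain PHP.

```php
<?php
// Added illustration; not the Alemha Watermarker source.
// All function names and the field name below are hypothetical.

// Payload from step 2, as it would sit in storage if saved unmodified.
$stored = '"><script>alert(1)</script>';

// Escape for an HTML attribute. Inside WordPress this calls esc_attr();
// the fallback lets the file run under the PHP CLI.
function wm_attr(string $v): string {
    return function_exists('esc_attr')
        ? esc_attr($v)
        : htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sanitise on save. Inside WordPress this calls sanitize_text_field();
// the fallback strips tags and collapses whitespace.
function wm_clean(string $v): string {
    if (function_exists('sanitize_text_field')) {
        return sanitize_text_field($v);
    }
    return trim(preg_replace('/\s+/', ' ', strip_tags($v)));
}

// Weak pattern: the stored value is concatenated straight into the
// attribute, so a double quote ends the attribute and markup follows.
function render_unescaped(string $v): string {
    return '<input type="text" name="watermark_text" value="' . $v . '">';
}

// Hardened pattern: the value is escaped for the attribute context at the
// point of output, whatever was stored.
function render_escaped(string $v): string {
    return '<input type="text" name="watermark_text" value="' . wm_attr($v) . '">';
}

// 1. Unescaped output: the quote closes value="" and a <script> element appears.
echo render_unescaped($stored), "\n";

// 2. Escaped output only: the payload stays inside the attribute as text.
echo render_escaped($stored), "\n";

// 3. Sanitised on save and escaped on output: tags are gone before storage
//    and the remaining quote is still encoded on render.
echo render_escaped(wm_clean($stored)), "\n";
```

Because the issue is reachable without `unfiltered_html`, the plugin has to apply both steps to this field itself; escaping at output is the one that must never be skipped, since it also covers values stored before the fix.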
