wpexploit | Sajjad Shariati | WPEX-ID: D42EFF41-096F-401D-BBFB-DCD6E08FACA5
History: Apr 12, 2023 - 12:00 a.m.

Pickup | Delivery | Dine-in date time <= 1.0.9 - Admin+ Stored XSS

Tags: stored xss, admin page, form vulnerability, injection attack, csrf

EPSS: 0.001 (Low), percentile 23.7%

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

Go to this page: https://example.com/wp-admin/admin.php?page=byconsolewooodtrestro_general_settings
On this page we have multiple forms. All of them are vulnerable to stored XSS.

XSS payload: "><img src=x onerror=alert(document.cookie)>

Vulnerable parameters:
- byconsolewooodtrestro_takeaway_lable
- byconsolewooodtrestro_delivery_lable
- byconsolewooodtrestro_dinein_lable
- byconsolewooodtrestro_date_field_text
- byconsolewooodtrestro_time_field_text
- byconsolewooodtrestro_orders_delivered
- byconsolewooodtrestro_orders_pick_up
- byconsolewooodtrestro_orders_dinein
- byconsolewooodtrestro_chekout_page_section_heading
- byconsolewooodtrestro_chekout_page_order_type_label
- byconsolewooodtrestro_chekout_page_date_label
- byconsolewooodtrestro_chekout_page_time_label

After injecting the payload into these fields and saving the changes, any administrator who visits this page is targeted.
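The pattern behind this class of bug, as an added illustration that is not the plugin's own code: a settings value is stored exactly as posted and then written into an HTML attribute unescaped, so the payload above closes the attribute and injects a tag. The option name, function names and nonce action below are hypothetical; the hardened version shows the two controls a WordPress settings handler needs, sanitise on save and escape on output, which hold regardless of whether the saving user has unfiltered_html.

```php
<?php
// Added example, not the plugin's code. Hypothetical option name
// 'example_takeaway_label' and function names; needs a WordPress runtime.

// --- Vulnerable pattern: value stored and echoed verbatim -------------------
function example_vulnerable_save_label() {
    if ( isset( $_POST['example_takeaway_label'] ) ) {
        // Raw request value written straight to the options table.
        update_option( 'example_takeaway_label', $_POST['example_takeaway_label'] );
    }
}

function example_vulnerable_render_label() {
    $label = get_option( 'example_takeaway_label', 'Takeaway' );
    // No escaping: a value of  "><img src=x onerror=alert(document.cookie)>
    // terminates the attribute and the <img> runs for every viewer of the page.
    echo '<input type="text" name="example_takeaway_label" value="' . $label . '">';
}

// --- Hardened pattern: sanitise on save, escape on output -------------------
function example_secure_save_label() {
    // Only users who may manage settings should reach the save handler.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    // Nonce check ties the submission to a form this user actually rendered.
    check_admin_referer( 'example_save_label', 'example_label_nonce' );

    if ( isset( $_POST['example_takeaway_label'] ) ) {
        // sanitize_text_field() strips tags and invalid UTF-8 for every user,
        // independent of the unfiltered_html capability.
        $label = sanitize_text_field( wp_unslash( $_POST['example_takeaway_label'] ) );
        update_option( 'example_takeaway_label', $label );
    }
}

function example_secure_render_label() {
    $label = get_option( 'example_takeaway_label', 'Takeaway' );
    // esc_attr() encodes quotes and angle brackets at output time, so even a
    // bad value already in the database cannot break out of the attribute.
    printf(
        '<input type="text" name="example_takeaway_label" value="%s">',
        esc_attr( $label )
    );
    wp_nonce_field( 'example_save_label', 'example_label_nonce' );
}
```

With the advisory's payload, the vulnerable pair emits `value=""><img src=x onerror=alert(document.cookie)>">`; the hardened pair strips the tag on save (leaving `">`) and renders it as `value="&quot;&gt;"`. To verify a fix on a live site, save the payload in one of the listed fields, then view the source of the settings page: the label must appear entity-encoded (`&quot;&gt;&lt;img`), not as a raw `<img` tag.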
