Lucene search
Lana CodesWPVDB-ID:1666F91D-3AA2-487D-A31B-44D051AB0124HistoryDec 21, 2022 - 12:00 a.m.
Click to Chat < 3.18.1 - Contributor+ Stored XSS
2022-12-2100:00:00
Lana Codes
wpscan.com
14
click to chat
plugin
contributor
stored xss
vulnerability
shortcode
attributes
cross-site scripting
attacks
high privilege users
admins
0.001 Low
EPSS
Percentile
23.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
PoC
Exploit shortcode: [ht-ctc-chat pre_filled=‘" onmouseover="alert(1)’]
| CPE | Name | Operator | Version |
|---|---|---|---|
| click-to-chat-for-whatsapp | lt | 3.18.1 |
Related
cve
cve
CVE-2022-4480
2023-01-16 16:15:12
wpexploit
wpexploit
Click to Chat < 3.18.1 - Contributor+ Stored XSS
2022-12-21 00:00:00
nvd
nvd
CVE-2022-4480
2023-01-16 16:15:12
openvas
openvas
WordPress Click to Chat Plugin < 3.18.1 XSS Vulnerability
2023-03-06 00:00:00
prion
prion
Cross site scripting
2023-01-16 16:15:00
cvelist
cvelist
CVE-2022-4480 Click to Chat < 3.18.1 - Contributor+ Stored XSS
2023-01-16 15:37:48