Lucene search

K
wpvulndbPallab Jyoti BorahWPVDB-ID:93FAAD5B-E1E8-4E49-B19E-B91343D68B51
HistoryAug 04, 2023 - 12:00 a.m.

Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS

2023-08-0400:00:00
Pallab Jyoti Borah
wpscan.com
6
subscribers text counter
v1.7.1
csrf
stored xss
settings update
csrf attack
stored cross-site scripting

EPSS

0.001

Percentile

21.6%

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

PoC

Create an HTML file with the following content and have a logged in admin access it: Navigate to the plugin’s settings to trigger the XSS.

EPSS

0.001

Percentile

21.6%

Related for WPVDB-ID:93FAAD5B-E1E8-4E49-B19E-B91343D68B51