wpvulndb | Lana Codes | WPVDB-ID: 9937E369-60E8-451C-8790-1A83A59115FC
History: Jan 10, 2023 - 12:00 a.m.

Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode

Published: 2023-01-10 00:00:00
Author: Lana Codes
Source: wpscan.com
Tags: clean login, plugin, stored xss, shortcode, contributor, cross-site scripting, admins, security vulnerability

EPSS: 0.001 (Low)
Percentile: 23.4%

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

PoC

Note:
1. First, you need to check “Choose the role(s) in the registration form?” in Clean Login Settings.
2. The form and the exploit only work and appear if you are not logged in to the website.

Exploit shortcode: [clean-login-register role=‘" onmouseover=“alert(1)” style=“display:block !important; background:red;”’]
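The root cause described above (a shortcode attribute written into an HTML attribute without validation or escaping) and the fix a plugin author would apply, shown side by side. This is an added, hypothetical example and not the Clean Login plugin's own code; the function names, the EXAMPLE_ALLOWED_ROLES list and the fallback definitions of esc_attr() and shortcode_atts() are assumptions so the file also runs under plain `php` outside WordPress.

```php
<?php
// Illustrative only: a hypothetical shortcode handler, not the Clean Login
// plugin's own code. It shows the unescaped-attribute pattern the advisory
// describes beside a hardened version that allow-lists the role and escapes
// on output.

// Fallbacks so the file runs under plain `php` outside WordPress. Inside
// WordPress the real esc_attr() and shortcode_atts() are used instead.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'shortcode_atts' ) ) {
    function shortcode_atts( $pairs, $atts, $shortcode = '' ) {
        // Keep only known attribute names, filling in defaults for missing ones.
        return array_merge( $pairs, array_intersect_key( (array) $atts, $pairs ) );
    }
}

// Assumed allow-list of roles the registration form may offer (an assumption
// for this example; a real plugin would derive it from its settings or from
// wp_roles()->get_names()).
const EXAMPLE_ALLOWED_ROLES = array( 'subscriber', 'contributor' );

// Vulnerable pattern: the attribute value is concatenated straight into an
// HTML attribute, so a double quote in the shortcode breaks out of the value
// and whatever follows is parsed as new attributes (e.g. an event handler).
function example_register_role_field_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'role' => 'subscriber' ), $atts, 'clean-login-register' );
    return '<input type="hidden" name="role" value="' . $atts['role'] . '">';
}

// Hardened pattern: reject anything that is not a known role, then escape the
// value on output. Either step alone would neutralise the PoC; both together
// is the defence-in-depth a reviewer would ask for.
function example_register_role_field_hardened( $atts ) {
    $atts = shortcode_atts( array( 'role' => 'subscriber' ), $atts, 'clean-login-register' );
    $role = in_array( $atts['role'], EXAMPLE_ALLOWED_ROLES, true ) ? $atts['role'] : 'subscriber';
    return '<input type="hidden" name="role" value="' . esc_attr( $role ) . '">';
}

// Constructed attribute value in the shape of the advisory's PoC (a quote that
// closes the value, followed by an injected attribute).
$attacker_atts = array( 'role' => '" onmouseover="alert(1)" style="background:red;' );

echo "vulnerable: " . example_register_role_field_vulnerable( $attacker_atts ) . "\n";
echo "hardened:   " . example_register_role_field_hardened( $attacker_atts ) . "\n";
```

Run with `php example.php`. The vulnerable line shows the injected attributes landing inside the `<input>` tag; the hardened line falls back to `value="subscriber"` because the payload is not an allowed role, and even without the allow-list `esc_attr()` would have encoded the quotes so the value could not close the attribute. The same two checks (validate against known values, escape with the WordPress `esc_*` helper matching the output context) are what to look for when reviewing any shortcode that reflects its attributes.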

CPE
Name          Operator   Version
clean-login   lt         1.13.7

