Lucene search
Lana CodesWPVDB-ID:9937E369-60E8-451C-8790-1A83A59115FCHistoryJan 10, 2023 - 12:00 a.m.
Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
2023-01-1000:00:00
Lana Codes
wpscan.com
11
clean login
plugin
stored xss
shortcode
contributor
cross-site scripting
admins
security vulnerability
0.001 Low
EPSS
Percentile
23.4%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
PoC
Note: 1. First, you need to check βChoose the role(s) in the registration form?β in Clean Login Settings. 2. The form and the exploit only work and appear if you are not logged in to the website. Exploit shortcode: [clean-login-register role=β" onmouseover=βalert(1)β style=βdisplay:block !important; background:red;ββ]
| CPE | Name | Operator | Version |
|---|---|---|---|
| clean-login | lt | 1.13.7 |
Related
nvd
nvd
CVE-2022-4838
2023-02-06 20:15:12
prion
prion
Cross site scripting
2023-02-06 20:15:00
cve
cve
CVE-2022-4838
2023-02-06 20:15:12
cvelist
cvelist
CVE-2022-4838 Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
2023-02-06 19:59:19
wpexploit
wpexploit
Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
2023-01-10 00:00:00