Source: wpvulndb (WPScan)
Author: Miguel Santareno
WPVDB-ID: FA4EEA26-0611-4FA8-A947-F78DDF46A56A
History: Jan 10, 2024 - 12:00 a.m.

EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

Published: 2024-01-10 00:00:00
Author: Miguel Santareno
Reference: wpscan.com
Tags: eventon, free version, premium version, stored cross-site scripting, admin, unfiltered html, multisite setup

EPSS: 0.0004 (Low)
EPSS Percentile: 14.1%

Description

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).

PoC

1. Go to the EventON Lite settings and create/activate a custom metadata field.
2. Then, insert the new custom metadata field.
3. Create a new Event and, for the Custom Meta Field value, insert the payload " style=animation-name:rotation onanimationstart=alert(/XSS/)//
4. The Stored XSS will be triggered when editing the event again.
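The defect class described above is a plugin setting written back into an HTML attribute without being sanitized on save or escaped on output, which bypasses the unfiltered_html check because the plugin's own code, not the WordPress post editor, emits the markup. The following PHP is an added example, not EventON's code; the option name evo_custom_meta and the function names are hypothetical, and the two shims at the top only exist so the snippet runs outside WordPress (inside WordPress the real sanitize_text_field() and esc_attr() are used instead).

```php
<?php
// Added example, not EventON's code. Field/option names are hypothetical.

// Shims so the snippet runs outside WordPress. Inside WordPress these
// functions already exist in wp-includes and the shims are skipped.
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($str) {
        // Approximation of WordPress's behaviour: drop tags and control
        // characters, then trim surrounding whitespace.
        $str = strip_tags((string) $str);
        $str = preg_replace('/[\x00-\x1F\x7F]/', '', $str);
        return trim($str);
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($str) {
        // Attribute-context escaping: quotes become entities, so the value
        // can never terminate the attribute it is placed in.
        return htmlspecialchars((string) $str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// VULNERABLE pattern: the stored setting is concatenated straight into an
// attribute. The unfiltered_html capability is never consulted here, so an
// admin who has been denied it (e.g. on multisite) can still persist a value
// that closes the quote and appends event-handler attributes, and the
// payload fires for whoever next opens the edit screen.
function render_custom_meta_field_vulnerable($value) {
    return '<input type="text" name="evo_custom_meta" value="' . $value . '">';
}

// HARDENED pattern: sanitize when the setting is saved (markup stripped)
// and escape when it is rendered (attribute context). Both are needed:
// sanitizing alone does not neutralize a bare quote, and escaping alone
// leaves junk in the database for any other consumer of the value.
function save_custom_meta_field_hardened($raw) {
    return sanitize_text_field($raw);
}
function render_custom_meta_field_hardened($stored) {
    return '<input type="text" name="evo_custom_meta" value="' . esc_attr($stored) . '">';
}

// Constructed input, using the same attribute-breakout shape as the PoC.
$input  = '" style=animation-name:rotation onanimationstart=alert(/XSS/)//';
echo "vulnerable: ", render_custom_meta_field_vulnerable($input), "\n";
$stored = save_custom_meta_field_hardened($input);
echo "hardened:   ", render_custom_meta_field_hardened($stored), "\n";
```

Run it with `php example.php` and compare the two lines: in the vulnerable output the leading quote ends the value attribute and the rest of the string becomes live attributes on the input element; in the hardened output the quote is emitted as an entity and the whole string stays inert text inside value="...". When reviewing a plugin for this class of bug, every echo of a stored option into markup should go through esc_attr(), esc_html() or esc_url() as appropriate to the context, regardless of what capability the user who saved it held.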

Affected versions (CPE)

Operator  Version
eq        4.5.5
eq        2.2.7

