WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting

2022.03.30
Credit: Hassan Khan Yusufzai
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 - Stored Cross Site Scripting (Authenticated) # Date: 29-03-2022 # Exploit Author: Hassan Khan Yusufzai - Splint3r7 # Vendor Homepage: https://wordpress.org/plugins/donorbox-donation-form <https://wordpress.org/plugins/amministrazione-aperta/> # Version: 7.1.6 # Tested on: Firefox # Contact me: h [at] spidersilk.com # Vulnerable Code: ``` public function donorbox_embed_campaign_id_settings() { ?> <input name="donorbox_embed_campaign_options[donorbox_embed_campaign_id]" type="text" value="<?php echo $this->options['donorbox_embed_campaign_id']; ?>" class="regular-text" /> <?php } ``` # POC 1) Install donorbox-donation-form <https://wordpress.org/plugins/amministrazione-aperta/> WordPress plugin 2)Open donorbox plugin settings 3) Inject payload in URL field 4) XSS will trigger. # Timeline 21/03/2022 - Vendor notified 24/03/2022 - Fix / patch 24/03/2022 - CVE Requested 29/03/2022 - Public disclosure


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top