WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting

2024.02.29
Credit: Laburity Research Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: IDonate – blood request management system <=1.8.1 - Stored Cross-Site Scripting (Authenticated) # Date: 29-02-2024 # Exploit Author: Laburity Research Team # Vendor Homepage: https://wordpress.org/plugins/idonate/ # Version: <=1.8.1 # Tested on: Firefox # Contact me: contact [at] laburity.com # Summary: A cross site scripting stored vulnerability has been identified in WordPress Plugin IDonate – blood request management system version less then 1.8.1. that allows Authenticated users to run arbitrary javascript code inside WordPress using blood request management system Plugin. # POC 1- Navigate to http://localhost:10003/wp-admin/admin.php?page=idonate-setting-admin 2- Enter payload "><h1 onclick=alert(1)>XSS</h1> in Recaptcha secret key and in Recaptcha Site key 3- Click on save changes. 4- While clicking on the payload text, XSS will trigger. # Vulnerable Code: ``` public function idonate_recaptcha_secretkey_callback() { if( isset( $this->general_options['idonate_recaptcha_secretkey'] ) ){ $secretkey = $this->general_options['idonate_recaptcha_secretkey']; }else{ $secretkey = ''; } // printf( '<input type="text" id="idonate_recaptcha_secretkey" value="%s" name="idonate_general_option_name[idonate_recaptcha_secretkey]" />', $secretkey ); } ``` Secrets keys (idonate_recaptcha_secretkey) are printed without sanitization.


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top