Lucene search
Mariah AlmotlagWPEX-ID:017CA231-E019-4694-AFA2-AB7F8481AE63HistoryOct 18, 2022 - 12:00 a.m.
WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting
2022-10-1800:00:00
Mariah Almotlag
60
wordpress
attachments
cross-site scripting
settings
media library
html injection
exploit
vulnerability
EPSS
0.001
Percentile
24.8%
The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Inject an XSS payload in the title by going to Settings Β» WP Attachments Β» Settings Β» List Head.
Now, inject XSS payload & HTML injection (<h2> myavatar<script>alert(2)</script>) in the uploaded image Title in Media Library.
Now, after opening the Post page, the browser renders the XSS payload of the attachment title and image title.
The HTML injection rendered as <h2> can be seen in source code. WordPress doesnβt execute the payload of the image name in the media, it only gets executed by the wp-attachment in the post. Related
prion
prion
Cross site scripting
2022-11-14 15:15:00
cve
cve
CVE-2022-3469
2022-11-14 15:15:48
nvd
nvd
CVE-2022-3469
2022-11-14 15:15:48
patchstack
patchstack
wpvulndb
wpvulndb
WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting
2022-10-18 00:00:00
cvelist
cvelist
CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting
2022-11-14 00:00:00