Skip to content
/ CVE-2022-1051 Public

WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

V35HR4J/CVE-2022-1051

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2022-1051

WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields

Description

The plugin, used as a companion plugin for the Discy and Himer themes, does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks.

Proof of Concept

Edit your profile and add the following payload in one of the unescaped fields. <img src onerror=alert(/XSS/)> Upon visiting your profile, XSS will be triggered

Fixed in version 5.2

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1051

https://wpscan.com/vulnerability/cb2fa587-da2f-460e-a402-225df7744765

Video POC:

https://www.youtube.com/watch?v=hoy9MYoki7k

About

WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published