WP Last Modified Info < 1.6.6 - Authenticated Stored XSS



Description
When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website.
Proof of Concept
An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this was incorrect sanitizing and escaping the field's input. 

Video PoC: https://youtu.be/JfJX0TmxNS8

Affects Plugin

fixed in version 1.6.6

References

URL https://jrjmulder.nl/plugins/wp-last-modified-info/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jeroen Mulder
Submitter Jeroen Mulder
Submitter Website https://jrjmulder.nl
Views 1440
Verified No
WPVDB ID 10166

Timeline

Publicly Published 2020-04-03 (about 2 months ago)
Added 2020-04-03 (about 2 months ago)
Last Updated 2020-04-04 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin