Rencontre < 3.2.2 - Authenticated Stored XSS via facebook parameter & SQL Injection



Description
An authenticated persistent cross-site scripting vulnerability has been found in the web interface of the plugin. It allows arbitrary HTML/script code to be executed in the victim's browser when they visit the web site.
Proof of Concept
# Affected Version ~ Version: <= 3.1.3

# Reproduction Steps:

1. Log in to WordPress and go to the Plugin page
2. Under the "Framework for the Facebook Like button" there is a text area
3. Enter/paste the payload & save

# POC:
Parameter: facebook
Payload: </textarea></td><script>alert('XSS')</script>//
Encoded-Payload: %3C%2Ftextarea%3E%3C%2Ftd%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%2F%2F
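
The textarea breakout in the POC above, checked from the defender's side. This is an added example, not code from the plugin or the researcher: the row template, the function names and the benign sample value are assumptions, and `html.escape` stands in for the output escaping a WordPress plugin would get from `esc_textarea()`.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the advisory's POC section.
PAYLOAD = "</textarea></td><script>alert('XSS')</script>//"
# Constructed benign value of the kind the field is meant to hold.
BENIGN = '<div class="fb-like" data-href="https://example.com/?a=1&b=2"></div>'
# Hypothetical settings-row markup; the plugin's real template is not on the page.
ROW = '<td><textarea name="facebook">{}</textarea></td>'

def render_unescaped(value):
    """Echo the stored value verbatim (the pattern that permits the breakout)."""
    return ROW.format(value)

def render_escaped(value):
    """Escape <, >, & and quotes so the value stays text inside the textarea."""
    return ROW.format(html.escape(value, quote=True))

class RowAudit(HTMLParser):
    """Collects the tag events an HTML parser sees in one rendered row."""
    def __init__(self):
        super().__init__()
        self.starts, self.ends = [], []
    def handle_starttag(self, tag, attrs):
        self.starts.append(tag)
    def handle_endtag(self, tag):
        self.ends.append(tag)

def tag_events(row_html):
    """Parse a rendered row and return (start tags, end tags) in document order."""
    audit = RowAudit()
    audit.feed(row_html)
    audit.close()
    return audit.starts, audit.ends

def injected_tags(row_html):
    """Return start tags beyond the template's own <td> and <textarea>."""
    extra = list(tag_events(row_html)[0])
    for expected in ("td", "textarea"):
        if expected in extra:
            extra.remove(expected)
    return extra

def field_is_contained(row_html):
    """True when the row is exactly one td holding one textarea, nothing else."""
    return tag_events(row_html) == (["td", "textarea"], ["textarea", "td"])

if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped), ("escaped", render_escaped)):
        row = render(PAYLOAD)
        print(name, "contained:", field_is_contained(row), "injected:", injected_tags(row))
```

The same check can be pointed at the HTML of a saved settings page as a regression test after upgrading to the fixed version.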

Affects Plugin

fixed in version 3.2.2

References

URL https://gist.github.com/Sathishshan/467cd9c53c47005347478bdef088ad6b

Classification

Type MULTI

Miscellaneous

Original Researcher Sathish Shan
Submitter Sathish Shan
Submitter Website https://medium.com/@sathish_shan
Submitter Twitter sathishshans
Views 365
Verified No
WPVDB ID 9968

Timeline

Publicly Published 2019-08-03 (11 months ago)
Added 2019-12-08 (7 months ago)
Last Updated 2019-12-09 (7 months ago)
