When Top Bar outputs settings with unfiltered_html enabled, these settings are not escaped or sanitised before output. This could lead to XSS vulnerabilities in the frontend. In the latest stable version (3.0.4), unfiltered_html is disabled by default. If you are using an older version, you must turn it off in your plugin’s settings.
When Top Bar outputs settings in frontend pages, these settings are not escaped or sanitised before output. This could lead to XSS vulnerabilities in the frontend. In the latest stable version (3.0.4), settings sanitisation has been disabled by default. If you are using an older version, you must turn it off in your plugin’s settings.
In the latest stable version (3.0.4), the content settings are only accessible to users with the ‘editor’ role.

Installing and configuring Top Bar plugin

To install the plugin, please follow these steps:
- Download the latest version of the Top Bar plugin.
- Put the downloaded file in your wp-content/plugins folder.
- Activate the plugin through the 'Plugins' menu in WordPress.
- Special permissions such as the ‘editor’ or ‘administrator’ role must be assigned to users before they can access the content settings.

Description of the issue

The Top Bar plugin before 3.0.4 allows high-privilege users such as administrators to access the content settings page and change the value of the ‘unfiltered_html’ setting. This could allow an attacker to run script code in the frontend of your site. The latest stable version (3.0.4) only permits users with the ‘editor’ role to change this setting and access the content settings.
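The two patterns the advisory contrasts above (and in its opening paragraphs) are output of a stored setting with no escaping, versus sanitising on save and escaping on output. The following is an added example written for this page, not Top Bar's own code. The option name `example_top_bar_text`, the settings group name and the hook choices are assumptions; the WordPress functions used (`get_option`, `register_setting`, `wp_kses_post`, `esc_html`, `current_user_can`) are the standard core API.

```php
<?php
/*
 * Added example, not Top Bar's own code. Shows a top-bar setting rendered
 * unescaped (the vulnerable pattern) beside a hardened version that
 * sanitises on save and escapes on output. The option name
 * 'example_top_bar_text' and the hooks used are assumptions.
 */

// Vulnerable pattern: whatever is stored in the option is printed as-is,
// so any markup or <script> saved by a user who can edit the setting runs
// in every visitor's browser (stored XSS in the frontend).
function example_top_bar_render_unsafe() {
    $text = get_option( 'example_top_bar_text', '' );
    echo '<div class="top-bar">' . $text . '</div>';
}

// Hardened pattern, step 1: sanitise on save.
// Only users holding WordPress's unfiltered_html capability may store raw
// markup; everyone else has their input reduced to the post-safe subset
// (no <script>, no on* event handlers, no javascript: URLs).
function example_top_bar_sanitize( $value ) {
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

function example_top_bar_register_setting() {
    register_setting(
        'example_top_bar',       // settings group (assumed name)
        'example_top_bar_text',  // option name (assumed name)
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_top_bar_sanitize',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'example_top_bar_register_setting' );

// Hardened pattern, step 2: escape on output, regardless of who saved it.
// wp_kses_post() keeps harmless formatting tags and strips active content;
// use esc_html() instead if the setting is meant to be plain text only.
function example_top_bar_render_safe() {
    $text = get_option( 'example_top_bar_text', '' );
    echo '<div class="top-bar">' . wp_kses_post( $text ) . '</div>';
}

// Plain-text variant: every character that could open a tag or attribute
// is entity-encoded, so the stored value can only ever render as text.
function example_top_bar_render_safe_text() {
    $text = get_option( 'example_top_bar_text', '' );
    echo '<div class="top-bar">' . esc_html( $text ) . '</div>';
}

add_action( 'wp_body_open', 'example_top_bar_render_safe' );
```

The point of keeping the output-time escape even after a save-time sanitiser is defence in depth: an option can also be written through WP-CLI, a migration script or another plugin that bypasses the settings form, so the frontend must never assume the stored value is clean. Restricting the settings page to a specific role, as 3.0.4 does, limits who can store a payload; escaping on output limits what a stored payload can do.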

How to Install and Set Up the Top Bar Plugin

The Top Bar plugin is an easy-to-use plugin that displays content from your WordPress website in a bar at the top of your site. It can display any content from posts and pages, including images and videos, as well as content from other themes and plugins.

Timeline

Published on: 10/10/2022 21:15:00 UTC
Last modified on: 10/11/2022 18:05:00 UTC