CVE-2022-3209 The id, datafilter, and others parameters in the penci_more_slist_post_ajax AJAX action are not sanitised, leading to a Reflected XSS vulnerability.

This issue could be exploited by injecting malicious code into the {id,datafilter[type],...} parameters when a user clicks on the penci_more_slist_post_ajax AJAX action. If the user has access to post or media content, this vulnerability could be exploited to inject malicious code into the user’s browser and perform phishing attacks or assemble a user list for targeted advertising. PENCI-TESTING WordPress installations against this XSS vulnerability is easy and can be done via the following steps: Install the WordPress CMS on a remote server and login via a remote client.

Access the WordPress administration dashboard and navigate to Plugins.

Click on the Activate button of the penci_more_slist_post_ajax AJAX plugin to activate it.

Click on the Add New action and select the script you want to inject.

Inject the malicious code and click on the Save button.

Access the media library and search for a post or a category.

Click on the highlighted post or category and then click on the Edit button.

In the Edit media screen, access the {id,datafilter[type]} parameters and inject malicious code.

Save the media and click on the Update button.

Access the media library and search for a post or a category.

Click on the highlighted post or category and then click on the Edit button.

In

XSS vulnerability in the penci_more_slist_post_ajax AJAX plugin

Timeline

Published on: 10/10/2022 21:15:00 UTC
Last modified on: 10/12/2022 16:46:00 UTC

XSS vulnerability in the penci_more_slist_post_ajax AJAX plugin

Timeline

References