CVE-2022-3539 The Testimonials and Super-testimonial-pro plugins before 1.0.8 are not sanitizing and escaping their settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks.

This has been fixed in WordPress version >= 2.7 and  4.8. In WordPress version 4.8 and later, super-testimonial-pro WordPress plugin before 1.0.8, it has been patched to sanitize and escape the settings, protecting its users from XSS attacks even when the unfiltered_html capability is disallowed. To fix this issue, you should upgrade your WordPress server to version 4.8 or higher. If you have not done it so far, you should do it as soon as possible.

WordPress Vulnerability and how to protect yourself

This has been fixed in WordPress version >= 2.7 and  4.8. In WordPress version 4.8 and later, super-testimonial-pro WordPress plugin before 1.0.8, it has been patched to sanitize and escape the settings, protecting its users from XSS attacks even when the unfiltered_html capability is disallowed. To fix this issue, you should upgrade your WordPress server to version 4.8 or higher. If you have not done it so far, you should do it as soon as possible.

How to check if you are vulnerable?

If you are using the unfiltered_html capability, you are vulnerable to this vulnerability. The easiest way to check if you are vulnerable is by accessing your site's source code. In order to do that, go to your site's wp-admin and type in "source." You should see a link labeled Source on the right-hand side of the screen. Click it.
This will bring up your site's source code in a new window. On the top left, you should see a section labeled "Sources." There is a text box next to it. Type in "unfiltered_html" (without quotes) into the text box and click "Go." You should see something like this:

/** * Filter all html responses when unfiltered_html is enabled */ if ( is_admin() || is_user_logged_in() ) { wp_safe_redirect(wp_get_referer()); } elseif (!is_admin() && !is_user_logged_in()) { return; } echo $content;
As soon as you enter that text, below it, under "Unfiltered HTML", you should see a red warning sign with an exclamation point on it with more information about what this means:

[!NOTE] Unfiltered HTML not allowed as per WP 4.8+ To fix this issue, please upgrade WordPress or disable unfiltered HTML in plugin settings

How to check if your WordPress version is vulnerable?

You can check if your WordPress version is vulnerable at this link.

Timeline

Published on: 11/14/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:10:00 UTC

References

• https://wpscan.com/vulnerability/ab3b0052-1a74-4ba3-b6d2-78cfe56029db
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3539