CVE-2022-41315 Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin <= 2.8.8 on WordPress.

An attacker can inject malicious code into a website via the XSS vulnerability.

Possibilities of XSS in Ezoic WordPress Plugin.

Password information can be leaked

User details can be stolen

Admin privileges can be accessed

Ezoic WordPress plugin XSS vulnerabilities can be exploited by hackers to make illegal profit in the form of cryptocurrency.

The Ezoic plugin installs from a directory other than the plugin directory.

XSS in the Ezoic WordPress plugin can be exploited by hackers to conduct a DDoS attack.

The Ezoic plugin stores the admin login and password in plain text.

The Ezoic plugin does not perform validation on user-supplied input.

The Ezoic plugin does not verify the integrity of the download.

The Ezoic plugin lacks a preventative measure against XSS.

How the Ezoic WordPress Plugin Works

The Ezoic WordPress plugin is a free plugin that lets you create an interactive website. It has many features, including the option to change your site theme and style, as well as SEO optimization tools. The plugin also includes widgets, shortcodes and gallery plug-ins that allow you to display even more content on your website. But it's not just about fancy features: Ezoic is also very easy to use. It only takes a few minutes for newbies to get started with the software, thanks to a well-designed interface that anyone can navigate without prior experience in web design.

Ezoic WordPress plugin XSS vulnerabilities can be exploited by hackers to conduct a DDoS attack.

Possible risks of Ezoic WordPress Plugin XSS vulnerabilities:
1) User details can be stolen
2) Admin privileges can be accessed
3) Password information can be leaked
