DPD Baltic Shipping by DPD

DPD Baltic Shipping by DPD <= 1.2.11 - Admin+ Stored XSS

LANACOMMONVDB ID: e29bd05b-cffb-4b9d-9a44-7605aea16c73

The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

Put the following payload in the Name field of WooCommerce > Settings > DPD > Warehouses:

"><script>alert(/XSS/);</script>

Fill the other fields with dummy data and save.

References

Source Code: https://wordpress.org/plugins/woo-shipping-dpd-baltic/

CVE: CVE-2022-4000

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-07

Published: 2022-11-16

Affected Version: <= 1.2.11

Classification

Type: Cross-Site Scripting (XSS)

Researcher

Name: István Márton

Email: [email protected]