vendor:
Alemha Watermarker
by:
Erdemstar
6.1
CVSS
HIGH
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: Alemha Watermarker
Affected Version From: 1.3.2001
Affected Version To: 1.3.2001
Patch Exists: NO
Related CWE: CVE-2024-XXXX (not provided in the text)
CPE: a:wordpress:alemha_watermarker:1.3.1
Other Scripts:
https://www.infosecmatter.com/why-your-exploit-completed-but-no-session-was-created-try-these-fixes/, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/smb/ms17_010_eternalblue, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/scanner/smb/smb_enumshares, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/drupal_restws_unserialize, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/drupal_drupalgeddon2, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/unix/webapp/thinkphp_rce, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/windows/local/nscp_pe, https://www.infosecmatter.com/metasploit-module-library/?mm=exploit/linux/http/fortinet_authentication_bypass_cve_2022_40684, https://www.infosecmatter.com/top-25-penetration-testing-skills-and-competencies-detailed/, https://www.infosecmatter.com/metasploit-module-library/?mm=auxiliary/gather/cloud_lookup
Platforms Tested:
2024
WordPress Plugin Alemha Watermarker 1.3.1 – Stored Cross-Site Scripting (XSS)
The Alemha Watermarker Wordpress Plugin version 1.3.1 is vulnerable to Stored Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied data in the 'watermark_title' field. An attacker can insert malicious scripts in the Watermark Text field, which will execute whenever a user attempts to edit the page.
Mitigation:
Ensure all user-supplied input is properly sanitized and encoded before being stored or displayed. Regularly update the plugin to the latest version to prevent such vulnerabilities.
