WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)

vendor:

CP Blocks

by:

Shweta Mahajan

4.8

CVSS

MEDIUM

Stored Cross Site Scripting (XSS)

CWE

Product Name: CP Blocks

Affected Version From: 1.0.14

Affected Version To: 1.0.14

Patch Exists: YES

Related CWE: CVE-2022-0448

CPE: 2.3:a:wordpress:cp_blocks:1.0.14

Metasploit:

Other Scripts:

Platforms Tested: Windows

2022

WordPress Plugin CP Blocks 1.0.14 – Stored Cross Site Scripting (XSS)

A stored XSS vulnerability was discovered in WordPress Plugin CP Blocks version 1.0.14. An attacker can inject malicious JavaScript payload into the 'License ID' field, which will be stored in the database. When the same functionality is triggered, the payload will be executed, resulting in a pop-up.

Mitigation:

Update to the latest version of the plugin.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin CP Blocks 1.0.14 - Stored Cross Site Scripting (XSS)
# Date: 2022-02-02
# Exploit Author: Shweta Mahajan
# Vendor Homepage: https://wordpress.org/plugins/cp-blocks/
# Software Link: https://wordpress.org/plugins/cp-blocks/
# Tested on Windows
# CVE: CVE-2022-0448
# Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0448
https://wpscan.com/vulnerability/d4ff63ee-28e6-486e-9aa7-c878b97f707c

How to reproduce vulnerability:

1. Install Latest WordPress

2. Install and activate CP Blocks Version 1.0.14

3. Navigate to CP Blocks - License >> enter the payload into 'License ID'.

4. Enter JavaScript payload which is mentioned below
   "><script>alert(0)</script>

5. You will observe that the payload successfully got stored into the
    database and when you are triggering the same functionality at that
    time JavaScript payload gets executed successfully and we'll get a
    pop-up.