WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)

vendor:

Typebot

by:

Mansi Singh

8.8

CVSS

HIGH

Stored Cross Site Scripting (XSS)

CWE

Product Name: Typebot

Affected Version From: 1.4.2003

Affected Version To: 1.4.2003

Patch Exists: YES

Related CWE:

CPE: 2.3:a:wordpress:typebot

Metasploit:

Other Scripts:

Platforms Tested: Windows

2021

WordPress Plugin Typebot 1.4.3 – Stored Cross Site Scripting (XSS) (Authenticated)

A stored cross-site scripting (XSS) vulnerability was discovered in WordPress Plugin Typebot version 1.4.3. An authenticated user with the ability to modify the 'Publish ID or Full URL' setting can inject a malicious JavaScript payload which will be stored in the database and executed when the same functionality is triggered.

Mitigation:

Update to the latest version of the plugin.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Typebot 1.4.3 - Stored Cross Site Scripting (XSS) (Authenticated)
# Date: 29/11/2021
# Exploit Author: Mansi Singh
# Vendor Homepage: https://wordpress.org/plugins/typebot/
# Software Link: https://wordpress.org/plugins/typebot/
# Tested on Windows
# Reference: https://wpscan.com/vulnerability/2bde2030-2dfe-4dd3-afc1-36f7031a91ea

How to reproduce vulnerability:

1. Install Latest WordPress

2. Install and activate Typebot Version 1.4.3

3. Navigate to Typebot setting >> enter the payload into 'Publish ID or Full URL'.

4. Enter JavaScript payload which is mentioned below
"><img src=x onerror=confirm(1)>

5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload gets executed successfully and we'll get a pop-up.