WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting – Torchsec
- WordPress Donorbox-Donation-Form 7.1.6 Cross Site Scripting
- Posted Mar 30, 2022
- Authored by Hassan Khan Yusufzai
-
WordPress Donorbox-Donation-Form plugin version 7.1.6 suffers from a persistent cross site scripting vulnerability.
- MD5 |
cc49f7fb4e0588e466e93168ad6343f9 - Download | Favorite | View
# Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 -
Stored Cross Site Scripting (Authenticated)
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage:
https://wordpress.org/plugins/donorbox-donation-form
# Version: 7.1.6
# Tested on: Firefox
# Contact me: h [at] spidersilk.com# Vulnerable Code:
```
public function donorbox_embed_campaign_id_settings() { ?>
name="donorbox_embed_campaign_options[donorbox_embed_campaign_id]"
type="text" value="< ?php echo $this->options['donorbox_embed_campaign_id'];
?>" class="regular-text" />
< ?php
}
```
# POC
1) Install donorbox-donation-form
2)Open donorbox plugin settings
3) Inject payload in URL field
4) XSS will trigger.
# Timeline
21/03/2022 - Vendor notified
24/03/2022 - Fix / patch
24/03/2022 - CVE Requested
29/03/2022 - Public disclosure
Gloss