WordPress Donorbox-Donation-Form plugin version 7.1.6 suffers from a persistent cross site scripting vulnerability.
2fc87137716fc7ebe54874b9d582f16eba4586f4c195a3b359f3691bcccefa04# Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 -
Stored Cross Site Scripting (Authenticated)
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage:
https://wordpress.org/plugins/donorbox-donation-form
<https://wordpress.org/plugins/amministrazione-aperta/>
# Version: 7.1.6
# Tested on: Firefox
# Contact me: h [at] spidersilk.com
# Vulnerable Code:
```
public function donorbox_embed_campaign_id_settings() { ?>
<input
name="donorbox_embed_campaign_options[donorbox_embed_campaign_id]"
type="text" value="<?php echo $this->options['donorbox_embed_campaign_id'];
?>" class="regular-text" />
<?php
}
```
# POC
1) Install donorbox-donation-form
<https://wordpress.org/plugins/amministrazione-aperta/> WordPress plugin
2)Open donorbox plugin settings
3) Inject payload in URL field
4) XSS will trigger.
# Timeline
21/03/2022 - Vendor notified
24/03/2022 - Fix / patch
24/03/2022 - CVE Requested
29/03/2022 - Public disclosure
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed