CVE-2023-4137

medium

Description

A researcher at Tenable discovered an unauthenticated reflected cross-site scripting (XSS) vulnerability in the AYS Popup Box WordPress plugin. The XSS vulnerability exists in the 'upgrade_plugin' parameter of the 'deactivate_plugin_option_pb' action, as the parameter is reflected in the response without prior filtering with a Content-Type header of text/html. The vulnerable code was present in the function 'deactivate_plugin_option()' of the file 'admin/class-ays-pb-admin.php'. Proof of Concept: Any user visiting the following link, where wordpress.tld is the instance of wordpress with the plugin installed, will trigger the reflected XSS payload:   http://wordpress.tld/wp-admin/admin-ajax.php?action=deactivate_plugin_option_pb&upgrade_plugin=<svg%20onload=alert(document.domain)>

Details

Source: Mitre, NVD

Published: 2023-08-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N