CVE-2022-3469: The WP Attachments WordPress plugin before 5.0.5 does not validate or escape one of its settings, allowing high-privilege users (such as administrators) to perform Stored Cross-Site Scripting (XSS): script saved in the setting is rendered unescaped on the pages that display it. This counts as a vulnerability even though the attacker already holds an administrator role: WordPress normally lets administrators post raw HTML through the unfiltered_html capability, but that capability is withheld from site administrators on multisite installations and wherever DISALLOW_UNFILTERED_HTML is defined, and a plugin's settings page must not offer a way around that policy.
This issue is now fixed in version 5.0.6 or later.
Root cause: the plugin saves its settings without checking whether the user submitting them actually holds the unfiltered_html capability, and it prints the stored values back into its pages without escaping them. A user who can reach the plugin's settings (administrators by default) can therefore store JavaScript in a setting value, and it executes in the browser of anyone who later loads the page that renders that value. The "Send via email" and "Send via SMTP" settings are among the affected options.
Impact is limited to accounts that can already edit the plugin's settings, which is why the advisory is rated as requiring high privileges; the point is that a configuration which deliberately denies unfiltered_html to those accounts is silently bypassed. This issue is now fixed in version 5.0.6 or later.
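The pattern described above, shown as an added example rather than the WP Attachments plugin's own code: a setting registered with no sanitizer and echoed raw, beside the hardened form that honours the unfiltered_html capability on save and escapes on output. It assumes the WordPress runtime (register_setting, current_user_can, wp_kses_post, esc_attr); the option name wpa_example_caption and the group name wpa_example_group are placeholders.

```php
<?php
/**
 * Added example (not the WP Attachments plugin's code): the unsafe settings
 * pattern behind CVE-2022-3469 beside a hardened version.
 * Assumes the WordPress runtime. 'wpa_example_caption' and 'wpa_example_group'
 * are placeholder names chosen for this example.
 */

// --- Unsafe pattern (what the advisory describes) --------------------------
// No sanitize_callback: whatever the submitting user typed is stored verbatim,
// regardless of whether that user is allowed unfiltered HTML.
function wpa_example_unsafe_register() {
    register_setting( 'wpa_example_group', 'wpa_example_caption' );
}

// Printed without escaping: a stored "<script>...</script>" runs for every
// viewer of this page.
function wpa_example_unsafe_render() {
    echo get_option( 'wpa_example_caption', '' );
}

// --- Hardened pattern -------------------------------------------------------
// 1. Sanitize on save, deferring to core's unfiltered_html decision.
//    The Settings API runs this callback as the user who submitted the form,
//    so current_user_can() reflects that user's capabilities.
function wpa_example_sanitize_caption( $value ) {
    $value = (string) $value;

    if ( current_user_can( 'unfiltered_html' ) ) {
        // Core already lets this user publish raw HTML elsewhere.
        return $value;
    }

    // Multisite admins and sites with DISALLOW_UNFILTERED_HTML land here:
    // keep post-safe markup, drop <script>, on* handlers and javascript: URLs.
    return wp_kses_post( $value );
}

function wpa_example_safe_register() {
    register_setting(
        'wpa_example_group',
        'wpa_example_caption',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'wpa_example_sanitize_caption',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'wpa_example_safe_register' );

// 2. Escape on output, for the context the value is printed into.
//    Re-filtering here also neutralises a payload stored before the fix.
function wpa_example_safe_render() {
    $caption = get_option( 'wpa_example_caption', '' );

    // Inside an attribute value: esc_attr().
    printf(
        '<input type="text" name="wpa_example_caption" value="%s">',
        esc_attr( $caption )
    );

    // As HTML body: wp_kses_post() rather than a bare echo.
    echo '<div class="wpa-preview">' . wp_kses_post( $caption ) . '</div>';
}
```

When auditing a plugin for this class of bug, look for register_setting() calls that pass no sanitize_callback (or a callback that does not consult current_user_can('unfiltered_html')), and for get_option() values echoed without esc_attr(), esc_html() or wp_kses_post(). Both halves matter: sanitizing only on save leaves values stored before the fix live, and escaping only on output still lets a denied user persist raw HTML in the database.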
Vulnerable plugins
WP Attachments (WordPress plugin), all versions before 5.0.5. Update to version 5.0.6 or later.
Timeline
Published on: 11/14/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:02:00 UTC