VYPR
Medium severity · CVSS 6.4 · NVD Advisory · Published May 10, 2026 · Updated May 12, 2026

CVE-2022-50946

Description

WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject script payloads through the testimonial title field that execute in the browsers of other users viewing the draft post, enabling cookie theft and session hijacking.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Netroics Blog Posts Grid 1.0 for WordPress has a stored XSS flaw in the post_title parameter, letting editors inject scripts that steal cookies and hijack sessions.

Vulnerability

Overview

The Netroics Blog Posts Grid plugin for WordPress, version 1.0, contains a stored cross-site scripting (XSS) vulnerability in the testimonial title field. The plugin fails to sanitize the post_title parameter, allowing authenticated users with Editor privileges to inject arbitrary JavaScript code. [1][2]

Exploitation

Details

An attacker with Editor access can log in, add a testimonial, and insert a malicious payload into the Title field. For example, the payload user s1"><img src=x onerror=alert(document.cookie)>.gif will execute when the draft post is previewed or viewed. The injected script runs in the browsers of other Editors or Administrators who view the post, enabling cookie theft and session hijacking. [1]

Impact

Successful exploitation allows an attacker to steal authentication cookies from other users, potentially leading to account takeover and further compromise of the WordPress site. The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3 score of 6.4 (Medium). [2]

Mitigation

As of the advisory date, version 1.0 is confirmed vulnerable; prior versions may also be affected. No patch has been released. Users should consider disabling the plugin or implementing a web application firewall (WAF) rule to sanitize the post_title parameter until an update is available. [1][2]
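The following PHP is an added illustration, not code from the Netroics Blog Posts Grid plugin or from this advisory. It shows the generic defect the advisory describes (a stored post_title echoed into HTML without escaping) next to the hardened form using WordPress's esc_html() and esc_attr(), with a save-time normalisation via sanitize_text_field() as defence in depth. The function names, the post type example_testimonial, and the sample title are hypothetical.

```php
<?php
// Added illustration only; not the plugin's own code.
// Hypothetical grid-item renderer for a testimonial post.

// Constructed sample of a stored title containing markup (assumption, for illustration):
//   user s1"><img src=x onerror=alert(1)>.gif

// Vulnerable pattern: post_title is written into two HTML contexts unchanged,
// so any markup stored in the title becomes live HTML for whoever views the grid.
function example_grid_item_vulnerable( WP_Post $post ) {
    return '<div class="grid-item" title="' . $post->post_title . '">'
         . '<h3>' . $post->post_title . '</h3>'
         . '</div>';
}

// Hardened pattern: escape at output time for the exact context the value lands in.
// esc_attr() for the attribute value, esc_html() for element text; the sample title
// above is rendered as literal text ("&lt;img ...&gt;") instead of a tag.
function example_grid_item_escaped( WP_Post $post ) {
    return '<div class="grid-item" title="' . esc_attr( $post->post_title ) . '">'
         . '<h3>' . esc_html( $post->post_title ) . '</h3>'
         . '</div>';
}

// Defence in depth: normalise the title when a testimonial is saved.
// wp_insert_post_data receives slashed data, so unslash, sanitize, and re-slash.
add_filter( 'wp_insert_post_data', function ( array $data ) {
    if ( isset( $data['post_type'] ) && 'example_testimonial' === $data['post_type'] ) {
        $clean = sanitize_text_field( wp_unslash( $data['post_title'] ) ); // strips tags
        $data['post_title'] = wp_slash( $clean );
    }
    return $data;
}, 10, 1 );
```

Output escaping is the control that actually closes the hole, because a title may reach the template through paths other than this save hook (imports, REST, older rows); the save-time filter only reduces what gets stored.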

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)


References: 3

News mentions: 0 (no linked articles in the index yet)