CM Pop-Up banners for WordPress < 1.4.11 | Authenticated Stored XSS

Vulnerability

When saving a new campaign, a user with edit_pages capabilities can store scripts in the campaign’s pop-up content. The code can then be executed on every page on the website.

Proof of concept

Proof of concept will be posted later, to give users the time to update.

Plugin details

Plugin name: CM Pop-Up banners for WordPress Plugin
URL: https://wordpress.org/plugins/cm-pop-up-banners/
Plugin Author: Creative Minds

Timeline

  • Tuesday, march 24th 2020: Vulnerability detected by Jeroen Mulder. Plugin’s author notified
  • Friday, march 27th 2020: Vulnerability fixed by plugin author in version 1.4.11

Jeroen Mulder

Webdeveloper based in the Netherlands