WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)

EDB-ID:

50697




Platform:

PHP

Date:

2022-02-02


# Exploit Title: WordPress Plugin Domain Check 1.0.16 - Reflected Cross-Site Scripting (XSS) (Authenticated)
# Date: 30-10-2021
# Exploit Author: Ceylan Bozogullarindan
# Author Webpage: https://bozogullarindan.com
# Vendor Homepage: https://domaincheckplugin.com/
# Software Link: https://wordpress.org/plugins/domain-check/
# Version: 1.0.16
# Tested on: Linux
# CVE: CVE-2021-24926 (https://wpscan.com/vulnerability/8cc7cbbd-f74f-4f30-9483-573641fea733)


# Description:

Domain Check is a Wordpress plugin that allows you to see what domains and SSL certificates are coming up for expiration and to quickly locate the coupons, coupon codes, and deals from your favorite sites before renewing.

An authenticated user is able to inject arbitrary Javascript or HTML code to the "Domain Check Profile" interface available in settings page of the plugin, due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the administrators. The plugin versions prior to 1.0.16 are affected by this vulnerability.


The details of the discovery are given below.


# Steps To Reproduce:
1. Just visit the following page after signing in the administrator panel: http://vulnerable-wordpress-website/wp-admin/admin.php?page=domain-check-profile&domain=hacked.foo<script>alert(1)</script>
2. The XSS will be triggered on the settings page.