cjc.im / advisories / 0004
Stored XSS in WP User Notes
This vulnerability has been discovered and reported by Carl Clegg (carl(at)cjc(dot)im)
- 2016-11-06 Vendor Notified
This plugin adds a text editor area to each User Profile in the dashboard for Administrators to keep private notes about each User.
Risk / Severity Rating
Description and Impact
$notes = (!empty($_POST['user_notes_note'])) ? stripslashes($_POST['user_notes_note']) : '';
update_user_meta($user_id, 'user-notes-note', $notes);
Proof of Concept
<script> tags is enough to execute code in the context of other administrators.
Disable the plugin until an upgrade is available
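For comparison with the save code quoted above, a hardened save and render path could look like the following. This is an added example, not the plugin's code or the vendor's fix. The POST field and meta key are taken from the advisory; the example_ function names, the CSS class and the choice of profile hooks are assumptions, and the code is meant to run inside WordPress.

```php
<?php
// Added example: hypothetical hardened handlers, not the plugin's actual code.
// The POST field 'user_notes_note' and meta key 'user-notes-note' come from
// the advisory; every example_ name and the hook choice are assumptions.

/** Save path: filter the note before it is written to user meta. */
function example_save_user_note( $user_id ) {
    // Only accounts allowed to edit this profile may write the note.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }

    // wp_unslash() removes the slashes WordPress adds to request data,
    // which is the job stripslashes() did in the quoted code.
    $raw = isset( $_POST['user_notes_note'] )
        ? wp_unslash( $_POST['user_notes_note'] )
        : '';

    // wp_kses_post() keeps the formatting markup permitted in post content
    // and removes <script> tags, event-handler attributes and javascript: URLs.
    $notes = wp_kses_post( $raw );

    update_user_meta( $user_id, 'user-notes-note', $notes );
}
add_action( 'edit_user_profile_update', 'example_save_user_note' );
add_action( 'personal_options_update', 'example_save_user_note' );

/** Render path: filter again on output, so notes stored before the fix
 *  are also neutralised when another administrator opens the profile. */
function example_render_user_note( $user ) {
    $notes = get_user_meta( $user->ID, 'user-notes-note', true );

    echo '<div class="example-user-note">';
    echo wp_kses_post( $notes );
    echo '</div>';
}
add_action( 'edit_user_profile', 'example_render_user_note' );
add_action( 'show_user_profile', 'example_render_user_note' );
```

If the note is shown inside a plain textarea rather than as rendered HTML, esc_textarea() is the appropriate output escaping instead of wp_kses_post().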
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.