
Introduction

Receiving an assigned CVE ID is something new to me. Seeing other people with their own CVEs makes me feel that they are cool. So, I have decided to begin hunting for vulnerabilities within the WordPress ecosystem. As a starting point, I am hunting for a vulnerability in a WordPress plugin and have reported it through WPScan, an authorized Certified Numbering Authority (CNA) that can assign a CVE number to a vulnerability.

CVE-2022-3074 is my first ever CVE. I would like to give a special shoutout to Rafshanzani Suhada for helping me discover my first CVE and providing guidance on how to report it through WPScan.

Description

There isn’t any complexity or requirement for high skills to find this CVE. Actually, it’s a low-hanging fruit bug—a stored XSS vulnerability that requires Administrator privileges. What makes it special, once again, is that it’s my first-ever CVE.

Proof of Concept

Create or edit a Slide and put the following payload in the Name field:

" onfocus=alert(/XSS/) autofocus="

The XSS will be triggered upon editing the slide again.
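
Why this payload works, and what output encoding changes, shown as an added example that is not Slider Hero's code and not part of the original post. It assumes the stored Name is echoed into the value attribute of an input on the edit screen; the function names and the slide_name field are hypothetical.

```php
<?php
// Added example: a hypothetical admin edit form, not the plugin's actual code.

// Vulnerable pattern: the stored name is concatenated into the attribute as-is.
function render_name_field_unsafe(string $name): string {
    return '<input type="text" name="slide_name" value="' . $name . '">';
}

// Hardened pattern: encode for the HTML-attribute context at output time.
// In WordPress, esc_attr() is the helper intended for this context.
function render_name_field_escaped(string $name): string {
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="slide_name" value="' . $encoded . '">';
}

// Parse the rendered markup and return the attributes the parser sees on the
// input element, so injected attributes become visible.
function input_attributes(string $html): array {
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $input = $doc->getElementsByTagName('input')->item(0);
    $attrs = [];
    foreach ($input->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// The value saved in the Name field, taken from the proof of concept above.
$stored = '" onfocus=alert(/XSS/) autofocus="';

$renderers = [
    'unsafe'  => 'render_name_field_unsafe',
    'escaped' => 'render_name_field_escaped',
];

foreach ($renderers as $label => $fn) {
    $html = $fn($stored);
    echo $label, ': ', $html, PHP_EOL;
    echo '  attributes: ', implode(', ', array_keys(input_attributes($html))), PHP_EOL;
}
```

In the unsafe rendering the leading quote closes the value attribute, so onfocus and autofocus are parsed as attributes of their own; in the escaped rendering the whole string stays inside value.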

CVE-2022-3074

This vulnerability affects Slider Hero versions up to 8.4.3 and has been resolved in version 8.4.4.

References

  • https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3
  • https://nvd.nist.gov/vuln/detail/CVE-2022-3074
  • https://www.tenable.com/cve/CVE-2022-3074
