WPeMatico RSS Feed Fetcher WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the WPeMatico RSS Feed Fetcher WordPress plugin, affecting versions prior to 2.8.13. The issue arises because the plugin fails to properly sanitize and escape certain settings, allowing high-privilege users, such as contributors, to inject malicious scripts that are executed when the content is viewed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the content.

Reproduction

To reproduce this vulnerability, log in as a contributor and navigate to the WPeMatico tab. Create a new campaign and add an arbitrary RSS feed. In the 'Post Template' section, enable the custom post template option and insert a script payload, such as a script tag containing JavaScript code, into the template textbox. Submit the campaign for review, and the injected script will execute immediately. Alternatively, this vulnerability can be reproduced by injecting a script payload into the 'Rewrite Options' textboxes after enabling the 'Rewrite' feature' in the WPeMatico settings.

Remediation

Users are advised to update the WPeMatico RSS Feed Fetcher WordPress plugin to version 2.8.13 or later.