WP-WebAuthn Unauthenticated Stored Cross-Site Scripting Vulnerability

Vulnerability

The WP-WebAuthn plugin for WordPress is vulnerable to stored cross-site scripting in all versions up to and including 1.3.4. The plugin's logging feature stores user-supplied data without adequate input sanitization and renders it on the log page without output escaping. An unauthenticated attacker can therefore inject arbitrary web script that executes whenever a user views the plugin's log page. The logging option must be enabled for the attack to succeed.
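
The pattern the advisory describes, as an added illustration that is not code from WP-WebAuthn: an unauthenticated WordPress AJAX handler writes request data into a stored log, and an admin page later prints that log without escaping. The hook name, option name and field name used here ('xlog_auth', 'xlog_entries', 'label') are invented for the example and are not the plugin's identifiers; the WordPress API calls (add_action, get_option, update_option, wp_unslash, sanitize_text_field, esc_html, current_user_can, wp_send_json_success) are real.

```php
<?php
/*
 * Added example, not WP-WebAuthn's code. The vulnerable and hardened
 * handlers are shown side by side; only the hardened one is registered.
 * 'xlog_auth', 'xlog_entries' and 'label' are hypothetical names.
 */

// --- Vulnerable pattern ---------------------------------------------------
// wp_ajax_nopriv_* actions are reachable by anyone via admin-ajax.php.
// was: add_action( 'wp_ajax_nopriv_xlog_auth', 'xlog_auth_vulnerable' );
function xlog_auth_vulnerable() {
    $entries   = get_option( 'xlog_entries', array() );
    // Raw request data is stored as-is: no sanitization on input.
    $entries[] = array(
        'time'  => current_time( 'mysql' ),
        'label' => isset( $_POST['label'] ) ? wp_unslash( $_POST['label'] ) : '',
    );
    update_option( 'xlog_entries', $entries );
    wp_send_json_success();
}

function xlog_render_log_vulnerable() {
    foreach ( get_option( 'xlog_entries', array() ) as $e ) {
        // No output escaping: a stored <script> tag runs in the viewer's browser.
        echo '<tr><td>' . $e['time'] . '</td><td>' . $e['label'] . '</td></tr>';
    }
}

// --- Hardened pattern -----------------------------------------------------
add_action( 'wp_ajax_nopriv_xlog_auth', 'xlog_auth_hardened' );
function xlog_auth_hardened() {
    $entries = get_option( 'xlog_entries', array() );
    // Sanitize on input: strips tags and control characters, trims whitespace.
    $label   = isset( $_POST['label'] ) ? sanitize_text_field( wp_unslash( $_POST['label'] ) ) : '';
    // Bound the stored value so an unauthenticated caller cannot bloat the option.
    $label   = mb_substr( $label, 0, 200 );
    $entries[] = array( 'time' => current_time( 'mysql' ), 'label' => $label );
    update_option( 'xlog_entries', $entries );
    wp_send_json_success();
}

function xlog_render_log_hardened() {
    // Restrict who may view the log at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    foreach ( get_option( 'xlog_entries', array() ) as $e ) {
        // Escape on output regardless of what was sanitized on input.
        echo '<tr><td>' . esc_html( $e['time'] ) . '</td><td>' . esc_html( $e['label'] ) . '</td></tr>';
    }
}
```

Input sanitization alone is not sufficient: the log may already contain entries stored before the fix, and the rendering code may be reused for other fields, so the output escaping in the render function is the control that actually prevents execution.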

Impact

Injected script runs in the browser of any user who views the log page, with that user's session and privileges. Because the log page is reached through the plugin's settings, the viewer is typically an administrator, so the script can perform any action that user can through the WordPress admin interface. No authentication is required to plant the payload.

Reproduction

To reproduce this vulnerability, install and activate the WP-WebAuthn plugin on a WordPress site, then open the plugin's settings and enable the logging option. An unauthenticated attacker then sends a request to the plugin's 'wwa_auth' AJAX endpoint with a payload that includes a script. The payload is written to the log, and the script executes whenever any user opens the log page.

Remediation

No known patch is available for this vulnerability. Review the vulnerability details and consider uninstalling the affected plugin. If the plugin must remain installed, disabling the logging option prevents new payloads from being stored; entries already logged remain until the log is cleared.

Added: Mar 21, 2026, 4:55 AM
Updated: Mar 21, 2026, 4:55 AM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 1.7
exploitability: 7.6
remediation: 0.0
relevance: 4.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.