Anomify AI WordPress Plugin Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Anomify AI – Anomaly Detection and Alerting plugin for WordPress, affecting versions through 0.3.6. The issue arises from inadequate input sanitization and absent output escaping. Specifically, the plugin passes the 'anomify_api_key' parameter through 'sanitize_text_field()' before saving it with 'update_option()'. That function strips tags and control characters but does not encode double-quote characters, and the stored value is later written back into the settings page without output escaping. An authenticated attacker with administrator privileges can therefore store a value that breaks out of its HTML attribute and injects script, which executes whenever a user loads the plugin's settings page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user visiting the settings page.

Reproduction

To reproduce this vulnerability, an authenticated administrator can navigate to the Anomify plugin settings page. From there, the 'anomify_api_key' parameter can be updated with a value that includes a script injection. Once saved, the injected script will execute whenever the settings page is visited.
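The following is an added example illustrating the save-then-render pattern described above; it is not the plugin's own code. It assumes WordPress is loaded so that sanitize_text_field(), wp_unslash(), update_option(), get_option() and esc_attr() are available; the function names prefixed example_ are illustrative, and the sample value is constructed for demonstration.

```php
<?php
// Added example, not the Anomify plugin's code. Assumes WordPress is loaded.
// Function names beginning with example_ are hypothetical.

// Save handler. sanitize_text_field() removes tags, line breaks and invalid
// octets, but a double quote passes through untouched. Sanitizing on input is
// not a substitute for escaping on output: the stored value must still be
// treated as untrusted wherever it is rendered.
function example_save_api_key( $raw ) {
    $clean = sanitize_text_field( wp_unslash( $raw ) );
    update_option( 'anomify_api_key', $clean );
    return $clean;
}

// Vulnerable rendering pattern (the class of defect the advisory describes):
// the stored option is concatenated directly into an HTML attribute. A double
// quote in the value terminates the attribute, and whatever follows is parsed
// as markup by the administrator's browser.
function example_render_field_vulnerable() {
    $key = get_option( 'anomify_api_key', '' );
    return '<input type="text" name="anomify_api_key" value="' . $key . '">';
}

// Hardened rendering pattern: esc_attr() encodes ", ', <, > and & so the value
// cannot leave the attribute context no matter what was stored.
function example_render_field_hardened() {
    $key = get_option( 'anomify_api_key', '' );
    return '<input type="text" name="anomify_api_key" value="' . esc_attr( $key ) . '">';
}

// Defender-side check: after rendering, the attribute value must contain no
// raw double quote. Returns true when the markup is safe in that respect.
function example_attribute_is_escaped( $html ) {
    // Extract the contents of value="..." and look for an unencoded quote.
    if ( ! preg_match( '/value="([^"]*)"/', $html, $m ) ) {
        return false; // attribute was broken open by a stray quote
    }
    return strpos( $m[1], '"' ) === false;
}

// Constructed demonstration value containing a double quote.
$sample = 'abc"def';
$stored = example_save_api_key( $sample );   // stored as: abc"def  (quote kept)

// Vulnerable output breaks the attribute:  value="abc"def"
// Hardened output keeps it intact:        value="abc&quot;def"
var_dump( example_attribute_is_escaped( example_render_field_vulnerable() ) ); // false
var_dump( example_attribute_is_escaped( example_render_field_hardened() ) );   // true
```

The fix is entirely on the output side: every place the option is echoed into markup should go through esc_attr() (or esc_html() for text nodes). Sanitizing on save is still good hygiene, but as the example shows it leaves quotes in place, and defenders reviewing a plugin should look for raw get_option() values concatenated into HTML rather than relying on the presence of sanitize_text_field() alone.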

Added: May 20, 2026, 3:15 AM
Updated: May 20, 2026, 3:15 AM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread           0.0
  impact           5.4
  exploitability   5.5
  remediation      0.0
  relevance        8.9
  threat           4.8
  urgency          2.9
  incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.