wp_call_now_button

Call Now Button <= 1.1.1 Reflected XSS (CVE-2022-1455)

In the file /call-now-button/src/admin/action/CnbActionViewEdit.php, `$_REQUEST["bid"]` is not sanitized properly, leading to a reflected XSS.

And `$button->type` is 'SINGLE' by default.

To trigger this XSS, premium has to be activated first; it is free.

POC:

According to this article, to trigger this XSS we need to press Shift + Alt + X on Windows or Ctrl + Alt + X on macOS.

http://127.0.0.1/wp-admin/admin.php?page=call-now-button&bid=xxxxx" accesskey=X onclick=alert(1) test="

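The vulnerable pattern beside its hardened form, as an added illustration that is not the plugin's actual code: it assumes the "bid" value is echoed into a double-quoted HTML attribute on the admin edit page, and it stubs the WordPress helpers esc_attr() and absint() only so the snippet runs outside WordPress.

```php
<?php
// Added illustration, not code from CnbActionViewEdit.php. It reproduces the
// shape the advisory describes: the request parameter "bid" reflected into an
// HTML attribute without escaping. The WordPress helpers are stubbed below
// so the file runs stand-alone; inside a plugin the real ones are used.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}
if (!function_exists('absint')) {
    function absint($value) { return abs((int) $value); }
}

// Vulnerable pattern: the raw value lands inside a double-quoted attribute, so
// a value containing a double quote closes the attribute and everything after
// it is parsed as further attributes (accesskey and an onclick handler in the
// advisory's PoC), giving an attacker-controlled event handler in the page.
function render_bid_vulnerable(array $request): string {
    $bid = $request['bid'] ?? '';
    return '<input type="hidden" name="bid" value="' . $bid . '">';
}

// Hardened pattern: escape for the attribute context at output time so quotes
// become entities and cannot terminate the attribute. The input validation
// step assumes "bid" is a numeric button id; drop absint() and keep esc_attr()
// if the field legitimately carries free-form text.
function render_bid_hardened(array $request): string {
    $bid = absint($request['bid'] ?? 0);                       // input validation
    return '<input type="hidden" name="bid" value="' . esc_attr($bid) . '">'; // output escaping
}

// Escaping alone, without the numeric assumption: the quote is neutralised and
// the injected text stays inside the attribute value as inert data.
function render_bid_escaped_only(array $request): string {
    $bid = $request['bid'] ?? '';
    return '<input type="hidden" name="bid" value="' . esc_attr($bid) . '">';
}

// Constructed sample request with the attribute-breakout shape from the PoC.
$sample = ['bid' => 'xxxxx" accesskey=X onclick=alert(1) test="'];

echo "vulnerable:   ", render_bid_vulnerable($sample), PHP_EOL;
echo "hardened:     ", render_bid_hardened($sample), PHP_EOL;
echo "escaped only: ", render_bid_escaped_only($sample), PHP_EOL;
```

Run it with `php` on the command line and compare the three lines: only the first one contains a second, attacker-supplied attribute after `value`.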

Unless otherwise stated, all articles on this blog are licensed under CC BY-SA 4.0; please credit the source when reposting!