WordPress Donorbox-Donation-Form plugin version 7.1.6 suffers from a persistent cross site scripting vulnerability.
cc49f7fb4e0588e466e93168ad6343f9
# Exploit Title: WordPress Plugin donorbox-donation-form 7.1.6 -
Stored Cross Site Scripting (Authenticated)
# Date: 29-03-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage:
https://wordpress.org/plugins/donorbox-donation-form
<https://wordpress.org/plugins/amministrazione-aperta/>
# Version: 7.1.6
# Tested on: Firefox
# Contact me: h [at] spidersilk.com
# Vulnerable Code:
```
public function donorbox_embed_campaign_id_settings() { ?>
<input
name="donorbox_embed_campaign_options[donorbox_embed_campaign_id]"
type="text" value="<?php echo $this->options['donorbox_embed_campaign_id'];
?>" class="regular-text" />
<?php
}
```
# POC
1) Install donorbox-donation-form
<https://wordpress.org/plugins/amministrazione-aperta/> WordPress plugin
2)Open donorbox plugin settings
3) Inject payload in URL field
4) XSS will trigger.
# Timeline
21/03/2022 - Vendor notified
24/03/2022 - Fix / patch
24/03/2022 - CVE Requested
29/03/2022 - Public disclosure