Sanzeeb Aryal

How can authenticated XSS occur?

Pre Script: I am writing this because I just learnt something.

Obviously, cross-site scripting (XSS) is critical when it is reachable without logging in. Authenticated XSS is less obvious: why would an authenticated user inject a script against themselves? They won't, but they can be tricked into it. I have recently encountered authenticated XSS in one of my WordPress plugins. The page displays the entries for the form ID provided in the URL, and only administrators have the capability to view the form entries page.

On the admin dashboard, the URL below displays the entries of form ID 8.

http://sanjeebaryal.com.np/wp-admin/admin.php?page=entries-for-wpforms&form_id=8

The form ID is used in a database query and is also reflected back into the page, so if it is not validated and escaped it is vulnerable to both SQL injection and reflected XSS. The URL below carries a script payload in the form_id parameter:

http://sanjeebaryal.com.np/wp-admin/admin.php?page=entries-for-wpforms&form_id=8<script>alert('XSS');</script>

An authenticated administrator won't inject something like that deliberately, but they might be tricked into it. Suppose I am logged in to my WordPress dashboard and someone sends me a link like the one above (links can be shortened and prettified) and I click it. The script in the URL runs in my authenticated admin session. That's authenticated XSS.
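To make the sink concrete, here is an added example (not the plugin's own code) of a page handler that reads form_id from the query string, first in a vulnerable form and then hardened with WordPress's own helpers. The function names, the text domain and the efw_entries table are hypothetical.

```php
<?php
// Added example, not code from the plugin. Function names, text domain
// and the efw_entries table are hypothetical.

// --- Vulnerable version: the raw $_GET value reaches both SQL and HTML ---
function efw_render_entries_vulnerable() {
    global $wpdb;
    $form_id = $_GET['form_id']; // e.g. 8<script>alert('XSS');</script>

    // Unprepared query: the attacker controls part of the SQL statement.
    $entries = $wpdb->get_results(
        "SELECT id, entry_data FROM {$wpdb->prefix}efw_entries WHERE form_id = $form_id"
    );

    // Unescaped output: the <script> from the URL is reflected into the page
    // and executes in the administrator's authenticated session.
    echo '<h2>Entries for form ' . $form_id . '</h2>';
    foreach ( (array) $entries as $entry ) {
        echo '<p>' . $entry->entry_data . '</p>';
    }
}

// --- Hardened version: validate on input, prepare the query, escape on output ---
function efw_render_entries_hardened() {
    global $wpdb;

    // The menu entry is already admin-only, but re-check in the handler so the
    // capability requirement does not depend on how the page was reached.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You do not have permission to view this page.', 'efw' ) );
    }

    // 1. Validate: a form ID is a positive integer and nothing else.
    //    absint() turns "8<script>..." into 8 and anything non-numeric into 0.
    $form_id = isset( $_GET['form_id'] ) ? absint( wp_unslash( $_GET['form_id'] ) ) : 0;
    if ( 0 === $form_id ) {
        wp_die( esc_html__( 'Invalid form ID.', 'efw' ) );
    }

    // 2. Query through $wpdb->prepare(); %d forces an integer placeholder.
    $entries = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, entry_data FROM {$wpdb->prefix}efw_entries WHERE form_id = %d",
            $form_id
        )
    );

    // 3. Escape everything on output, including stored entry data, which was
    //    submitted by anonymous visitors through the public form.
    echo '<h2>' . esc_html( sprintf( __( 'Entries for form %d', 'efw' ), $form_id ) ) . '</h2>';
    echo '<ul>';
    foreach ( (array) $entries as $entry ) {
        echo '<li>' . esc_html( $entry->entry_data ) . '</li>';
    }
    echo '</ul>';
}
```

Validation and escaping are separate steps on purpose: absint() stops the payload from reaching the query, esc_html() stops anything that does reach the page from being interpreted as markup. The second matters beyond the form ID, because the entries themselves are untrusted input from the public form and are a stored XSS vector if echoed raw.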

You should also sanitize the SQL order and orderby parameters in WordPress. These cannot be protected with $wpdb->prepare() placeholders the way values can, because ORDER BY takes column names and keywords rather than quoted strings, so they must be checked against a whitelist.
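An added example (not the plugin's own code) of whitelisting order and orderby before interpolating them into the query; the column names and table are hypothetical.

```php
<?php
// Added example, not code from the plugin. Column names and table are hypothetical.

// Reduce orderby to one of a fixed set of column names, defaulting to 'id'.
function efw_sanitize_orderby( $orderby ) {
    $allowed = array( 'id', 'form_id', 'date_created' ); // hypothetical columns
    // sanitize_key() lowercases and strips everything but [a-z0-9_-].
    $orderby = sanitize_key( (string) $orderby );
    return in_array( $orderby, $allowed, true ) ? $orderby : 'id';
}

// Reduce order to exactly ASC or DESC, defaulting to DESC.
function efw_sanitize_order( $order ) {
    return 'ASC' === strtoupper( (string) $order ) ? 'ASC' : 'DESC';
}

function efw_get_entries( $form_id, $orderby_raw, $order_raw ) {
    global $wpdb;
    $form_id = absint( $form_id );
    $orderby = efw_sanitize_orderby( $orderby_raw );
    $order   = efw_sanitize_order( $order_raw );

    // $orderby and $order are interpolated directly; that is only safe because
    // both were collapsed to whitelist members above. form_id still goes
    // through a %d placeholder.
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, entry_data FROM {$wpdb->prefix}efw_entries
             WHERE form_id = %d ORDER BY {$orderby} {$order}",
            $form_id
        )
    );
}

// Usage from the admin page handler, reading the query string:
// $entries = efw_get_entries(
//     isset( $_GET['form_id'] ) ? wp_unslash( $_GET['form_id'] ) : 0,
//     isset( $_GET['orderby'] ) ? wp_unslash( $_GET['orderby'] ) : 'id',
//     isset( $_GET['order'] )   ? wp_unslash( $_GET['order'] )   : 'DESC'
// );
```

WordPress 6.2 added a %i placeholder to $wpdb->prepare() for identifiers, which quotes a column name correctly, but it does not reject unknown columns, so the whitelist is still the right control for user-supplied sorting parameters.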

I hope it's helpful!
