DEV Community

Sanzeeb Aryal

How can authenticated XSS occur?

Pre Script: I am writing because I just learnt something.

Obviously, cross-site scripting (XSS) is critical when it is publicly reachable. But authenticated XSS... Why would an authenticated person inject the script themselves? They won't, but they might be tricked into it. I have recently encountered authenticated XSS in one of my WordPress plugins. The page displays the entries for the form ID provided in the URL. Only administrators have the capability to view the form entries page.

On the admin dashboard, the URL below will display the entries of form ID 8.

http://sanjeebaryal.com.np/wp-admin/admin.php?page=entries-for-wpforms&form_id=8

The form ID is used to query the database, so the page can easily be vulnerable if the value is not sanitized properly.

http://sanjeebaryal.com.np/wp-admin/admin.php?page=entries-for-wpforms&form_id=8<script>alert('XSS');</script>

An authenticated administrator won't inject something like that, but they might be tricked into it. Suppose I'm an authenticated user logged in to my WordPress dashboard, someone sends me a link like the one above (links can be shortened and prettified), and I click on it. That's authenticated XSS.

You should also sanitize SQL order and orderby in WordPress.
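
The form_id handling before and after the fix, with an allowlist for order and orderby. This is an added example, not code from the plugin: the function names, the column names and the sample request are assumptions, and the two fallback definitions are there only so the file also runs outside WordPress.

```php
<?php
// Added example, not the plugin's own code. Inside WordPress the core
// absint() and esc_html() are used; these fallbacks mirror them for `php example.php`.
if ( ! function_exists( 'absint' ) ) {
    function absint( $value ) { return abs( (int) $value ); }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) { return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' ); }
}

// BEFORE: the raw query-string value is reflected into the admin page.
function render_heading_vulnerable( array $get ) {
    $form_id = isset( $get['form_id'] ) ? $get['form_id'] : '';
    return '<h1>Entries for form ' . $form_id . '</h1>';
}

// AFTER: force an integer on input and escape again on output.
function render_heading_hardened( array $get ) {
    $form_id = isset( $get['form_id'] ) ? absint( $get['form_id'] ) : 0;
    return '<h1>Entries for form ' . esc_html( $form_id ) . '</h1>';
}

// order/orderby are column names and keywords, not values, so they are
// checked against an allowlist instead of being passed through.
function sanitize_sort( array $get, array $allowed_columns, $default_column ) {
    $orderby = isset( $get['orderby'] ) ? (string) $get['orderby'] : $default_column;
    if ( ! in_array( $orderby, $allowed_columns, true ) ) {
        $orderby = $default_column;
    }
    $is_asc = isset( $get['order'] ) && 'asc' === strtolower( (string) $get['order'] );
    return array( $orderby, $is_asc ? 'ASC' : 'DESC' );
}

// Constructed request mirroring the URL in the post (stands in for $_GET).
$get = array(
    'form_id' => "8<script>alert('XSS');</script>",
    'orderby' => 'not_a_column',
    'order'   => 'asc',
);

echo render_heading_vulnerable( $get ), "\n"; // script tag reaches the page
echo render_heading_hardened( $get ), "\n";   // only the integer survives

// Hypothetical column names for the entries table.
list( $orderby, $order ) = sanitize_sort( $get, array( 'entry_id', 'date_created' ), 'entry_id' );
echo "ORDER BY {$orderby} {$order}\n";
```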

I hope it's helpful!
