WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Add/edit a product and put the following payload in the Product Affiliate URL, Custom Button Text fields: "><img src onerror=alert(/XSS/)>
The Product Description field is also affected, with the following payload: </textarea><img src onerror=alert(/XSS/)>

The XSS will be triggered when viewing the Product in a page, or when editing the Product in the admin dashboard

Affects Plugins

shop-page-wp
Fixed in version 1.2.8

References

CVE
CVE-2021-24811

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Mika

Submitter

Mika

Submitter website
https://mikadmin.fr/blog/
Submitter twitter
mika_sec
Verified

Yes

WPVDB ID
000e65f1-89cd-4dd5-a09d-5febd9fdfbdb

Timeline

Publicly Published

2021-11-01 (about 10 months ago)

Added

2021-11-01 (about 10 months ago)

Last Updated

2022-04-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin