WordPress Plugin Vulnerabilities

WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.

Proof of Concept

Affects Plugins

Plugin icon
wp-rss-aggregator
Fixed in 4.19.3

References

CVE
CVE-2021-24988

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.0 (high)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
0742483b-6314-451b-a63a-536fd1e14845

Timeline

Publicly Published
2021-11-29 (about 4 years ago)
Added
2021-11-29 (about 4 years ago)
Last Updated
2022-04-10 (about 3 years ago)

Other

Published
Title
Published
2024-03-25
Title
Tutor LMS Elementor Addons < 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2015-08-20
Title
Alpine PhotoTile for Instagram <= 1.2.7.5 - Authenticated Cross-Site Scripting (XSS)
Published
2022-03-07
Title
Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting
Published
2022-11-17
Title
GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS
Published
2025-04-01
Title
Auto scroll for reading <= 1.1.4 - Reflected Cross-Site Scripting