WordPress Plugin Vulnerabilities

Social Media Share Buttons & Social Sharing Icons < 2.8.2 - Admin+ Stored XSS

Description

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

Proof of Concept

Put the payload in any text field of the "8 Do you want to show a subscription form (increases sign-ups)? » Text above the entry field » Text" settings and save: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

The XSS will be triggered when reaccessing the settings.

Affects Plugins

Plugin icon
ultimate-social-media-icons
Fixed in 2.8.2

References

CVE
CVE-2023-1166

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Mohamed Selim
Submitter
Mohamed Selim
Submitter website
https://facebook.com/caesareg
Verified
Yes
WPVDB ID
090dbdf4-61e2-4b51-a3e2-76096596c514

Timeline

Publicly Published
2023-06-05 (about 11 months ago)
Added
2023-06-05 (about 11 months ago)
Last Updated
2023-06-05 (about 11 months ago)

Other

Published
Title
Published
2023-06-05
Title
KiviCare Management System < 3.2.1 - Reflected Cross-Site Scripting
Published
2023-05-22
Title
Leyka < 3.30.2 - Reflected XSS
Published
2022-06-08
Title
Copify <= 1.3.0 - Stored Cross-Site Scripting via CSRF
Published
2024-04-22
Title
Ultimate 410 Gone Status Code < 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2020-01-15
Title
ListingPro < 2.5.4 - Unauthenticated Reflected Cross-Site Scripting