WP Reactions Lite < 1.3.6 – Authenticated Stored Cross Site Scripting | CVE 2021-24723 | Plugin Vulnerabilities

Description

The plugin does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages.

Proof of Concept

* Open  Global Activation and Click on Customize Now
* On Step3 (StylingTab) >> Enter the XSS payload into "Whats your reaction" field
Payload Used : "><script>alert(document.location)</script>
* Click On Save and Exit Button and Alert will popup every time a Global Activation step is loaded.

Affects Plugins

wp-reactions-lite

Fixed in 1.3.6

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Shivam Rai

Submitter

Shivam Rai

Submitter twitter

Verified

Yes

WPVDB ID

0a46ae96-41e5-4b52-91c3-409f7387aecc

Timeline

Publicly Published

2021-09-28 (about 2 years ago)

Added

2021-09-28 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2021-09-22

Title

Cookie Bar < 1.8.9 - Admin+ Stored Cross-Site Scripting

Published

2022-06-14

Title

Custom Popup Builder <= 1.3.1 - Contributor+ Stored Cross-Site Scripting

Published

2012-05-11

Title

Better WP Security <= 3.2.4 - Cross-Site Scripting (XSS)

Published

2017-03-10

Title

Profile Builder < 2.5.8 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2024-05-08

Title

Gianism <= 5.1.0 - Admin+ Stored XSS