WordPress Plugin Vulnerabilities

Outdated php-mod/curl Library - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The original submission stated that the HT Slider Range for Amazon affiliates plugin for WordPress had a reflected XSS vulnerability. After investigation (WPScanTeam), the cause was found to be test files from the php-mod/curl library, which was missing appropriate response headers before outputting user input. We contacted the vendor of the library, which issued a fix (v2.3.2) within a few hours. In the meantime, the entire WordPress plugins repository was scanned for the affected files and 4 additional plugins were identified to be affected as well

Proof of Concept

Affects Plugins

Plugin icon
slider-range-htapps
Fixed in 1.1.6
Plugin icon
woo-qiwi-payment-gateway
No known fix
Plugin icon
teamleader-form-integration
Fixed in 2.1.0
Plugin icon
woo-billing-with-invoicexpress
Fixed in 3.0.3
Plugin icon
shopello
No known fix

References

CVE
CVE-2021-30134
URL
https://github.com/php-mod/curl/releases/tag/2.3.2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Frank Liauw
Submitter
Frank Liauw
Submitter website
https://sg.linkedin.com/in/frankliauw
Submitter twitter
frankvolkel
Verified
Yes
WPVDB ID
0b547728-27d2-402e-ae17-90d539344ec7

Timeline

Publicly Published
2021-04-16 (about 4 years ago)
Added
2021-04-16 (about 4 years ago)
Last Updated
2021-04-19 (about 4 years ago)

Other

Published
Title
Published
2023-01-11
Title
WC Vendors Marketplace < 2.4.5 - Contributor+ Stored XSS
Published
2014-08-01
Title
JS External Link Info 1.21 - redirect.php blog Parameter XSS
Published
2019-06-24
Title
Ultimate Member < 2.0.52 - CSRF and Stored XSS issues
Published
2023-12-01
Title
Seraphinite Accelerator < 2.20.29 - Reflected Cross-Site Scripting via rt
Published
2021-12-27
Title
Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting