Hubbub Lite < 1.32.0 - Admin+ Stored XSS
Description
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Proof of Concept
As admin, enable the 'Floating Sidebar' (/wp-admin/admin.php?page=dpsp-toolkit), then put the payload below in the 'Twitter Username' setting of the plugin, and enable the 'Add Twitter Username to all tweets' setting as well:

"><img src=xss onerror=alert('XSS') />

The XSS will be triggered when accessing the Floating Sidebar page (/wp-admin/admin.php?page=dpsp-sidebar).
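The settings pattern behind this class of bug, with the vulnerable form beside the hardened one, as an added example that is not Hubbub's code: the option name demo_twitter_username and the function names are hypothetical, and the snippet assumes it runs inside WordPress, where register_setting(), get_option(), sanitize_text_field() and esc_attr() exist.

```php
<?php
// Added example (not the plugin's own code). Assumes WordPress is loaded;
// option name 'demo_twitter_username' is hypothetical.

// Vulnerable pattern: the value is stored exactly as submitted and echoed
// raw inside an attribute. A stored value like  "><img ... onerror=...>
// closes the attribute and the tag, so the markup runs when the settings
// page renders, whether or not the saving user has unfiltered_html.
function demo_render_vulnerable() {
    $username = get_option( 'demo_twitter_username', '' );
    echo '<input type="text" name="demo_twitter_username" value="' . $username . '">';
}

// Hardened pattern, step 1: sanitise on save. register_setting() runs the
// sanitize_callback before the value reaches the database, so markup is
// never stored, regardless of the capabilities of the user saving it.
add_action( 'admin_init', function () {
    register_setting(
        'demo_settings_group',
        'demo_twitter_username',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'demo_sanitize_twitter_username',
            'default'           => '',
        )
    );
} );

function demo_sanitize_twitter_username( $value ) {
    // sanitize_text_field() strips tags, but a stray double quote survives
    // it and would still break out of value="...", so also restrict the
    // value to the characters a Twitter handle can contain (assumed format:
    // letters, digits and underscore, optional leading '@').
    $value = sanitize_text_field( (string) $value );
    $value = ltrim( $value, '@' );
    return preg_replace( '/[^A-Za-z0-9_]/', '', $value );
}

// Hardened pattern, step 2: escape on output for the attribute context.
// esc_attr() encodes quotes and angle brackets, so even a value stored
// before the sanitiser existed cannot terminate the attribute.
function demo_render_hardened() {
    $username = get_option( 'demo_twitter_username', '' );
    echo '<input type="text" name="demo_twitter_username" value="' . esc_attr( $username ) . '">';
}
```

Both steps are needed: sanitising on save protects the database, escaping on output protects every render path, including values saved by an older plugin version.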
Classification
Type
XSS
Miscellaneous
Original Researcher
Tycho Niestadt
Submitter
Tycho Niestadt
Verified
Yes
Timeline
Publicly Published
2024-01-11
Added
2024-01-11
Last Updated
2024-01-11