Mimetic Books <= 0.2.13 - Authenticated Stored Cross-Site Scripting (XSS)
Description
The plugin was vulnerable to Authenticated Stored Cross-Site Scripting (XSS) in the "Default Publisher ID" field on the plugin's settings page.
Proof of Concept
1. Install WordPress 5.7.2 2. Install and activate Mimetic Books 3. Navigate to Settings >> Mimetic Books API and enter the XSS payload into the Default Publisher ID input field. 4. Click Save Changes. 5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality at that time JavaScript payload is executing successfully and we are getting a pop-up. 6. Payload Used: "><script>alert(document.cookie)</script>
Affects Plugins
No known fix - plugin closed
References
ExploitDB
Classification
Miscellaneous
Original Researcher
Vikas Srivastava
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-07-19 (about 3 months ago)
Added
2021-07-19 (about 3 months ago)
Last Updated
2021-07-20 (about 3 months ago)