WordPress Plugin Vulnerabilities

Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting

Description

The plugin does not sanitize user input as it reaches its style HTML attribute, allowing contributors to conduct stored XSS attacks via the plugin's Gutenberg blocks.

Proof of Concept

Note: The exploit requires the Contact Form 7 plugin.

Exploit Additional CSS class(es) for “Contact Form 7 Styler” Gutenberg block:
" onmouseover="alert(1)" style="background:red;"

Affects Plugins

Plugin icon
ultimate-addons-for-gutenberg
Fixed in 1.15.0

References

CVE
CVE-2020-36656

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
10f7e892-7a91-4292-b03e-6ad75756488b

Timeline

Publicly Published
2023-01-24 (about 1 years ago)
Added
2023-01-24 (about 1 years ago)
Last Updated
2023-01-24 (about 1 years ago)

Other

Published
Title
Published
2012-07-23
Title
Get Off Malicious Scripts - Cross-Site Scripting (XSS)
Published
2022-08-01
Title
Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary Feed Deletion
Published
2014-08-01
Title
EELV Newsletter - Cross-Site Scripting
Published
2023-12-05
Title
Soledad < 8.4.2 - Reflected Cross-Site Scripting
Published
2023-05-11
Title
eBecas <= 3.1.3 - Admin+ Stored XSS