EditableTable <= 0.1.4 – Admin+ Stored Cross-Site Scripting | CVE 2021-24898

Description

The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Create a new EDTB and put the following payload in the Table Name, Column Name or Column Label: "><img src=x onerror=confirm(1)>

Affects Plugins

editable-table

No known fix

References

CVE

CVE-2021-24898

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Vaibhav Koli

Submitter

Vaibhav Koli

Submitter website

https://www.keyloggervk7.com

Submitter twitter

keyloggervk7

Verified

Yes

WPVDB ID

10fdc464-0ddc-4919-8f21-969fff854011

Timeline

Publicly Published

2021-10-25 (about 2 years ago)

Added

2022-01-26 (about 2 years ago)

Last Updated

2022-04-12 (about 2 years ago)

Other

Published

Title

Published

2015-08-11

Title

iframe < 4.0 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2023-10-12

Title

Next Page <= 1.5.2 - Admin+ Stored XSS

Published

2024-03-13

Title

Crisp < 0.45 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2020-04-15

Title

Widget Settings Importer/Exporter <= 1.5.3 - Authenticated Stored XSS

Published

2022-11-17

Title

iFeature Slider <= 1.2 - Contributor+ Stored XSS