WordPress Plugin Vulnerabilities

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

Description

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.

Proof of Concept

1. As an administrator, create a 3d FlipBook.

2. Log in as a contributor, and create a post with the following shortcode in it

[3d-flip-book mode='fullscreen' id='1' classes='" onmouseover="alert(1)"']

3. Send the post for review (Publish) and preview the post.

Affects Plugins

Plugin icon
interactive-3d-flipbook-powered-physics-engine
Fixed in 1.13.3

References

CVE
CVE-2022-4453

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
120bdcb3-4288-4101-b738-cc84d02da171

Timeline

Publicly Published
2022-12-22 (about 1 years ago)
Added
2022-12-22 (about 1 years ago)
Last Updated
2022-12-27 (about 1 years ago)

Other

Published
Title
Published
2021-09-27
Title
Countdown and CountUp, WooCommerce Sales Timers < 1.5.8 - CSRF to Stored Cross-Site Scripting
Published
2021-07-24
Title
Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)
Published
2023-05-09
Title
VK Blocks < 1.54.0 - Multiple Stored XSS
Published
2023-01-11
Title
ResponsiveVoice Text To Speech < 1.7.7 - Contributor+ Stored XSS
Published
2020-01-19
Title
Contextual Adminbar Color < 0.3 - Authenticated Stored Cross-Site Scripting Issue