WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

3D FlipBook < 1.13.3 - Contributor+ Stored XSS

Description

The plugin does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks against high privilege users like administrators.

Proof of Concept

1. As an administrator, create a 3d FlipBook.

2. Log in as a contributor, and create a post with the following shortcode in it

[3d-flip-book mode='fullscreen' id='1' classes='" onmouseover="alert(1)"']

3. Send the post for review (Publish) and preview the post.

Affects Plugins

interactive-3d-flipbook-powered-physics-engine
Fixed in version 1.13.3

References

CVE
CVE-2022-4453

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified

Yes

WPVDB ID
120bdcb3-4288-4101-b738-cc84d02da171

Timeline

Publicly Published

2022-12-22 (about 1 months ago)

Added

2022-12-22 (about 1 months ago)

Last Updated

2022-12-27 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin