Post Grid, Post Carousel, & List Category Posts < 2.4.19 – Contributor+ Stored XSS | CVE 2023-0097 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Exploit Additional CSS class(es) for "Smart Post Show" Gutenberg block:

" onmouseover="alert(1)" style="background:red;"

Note: First, you need to add a Smart Post Show.

Affects Plugins

Fixed in 2.4.19

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

19379f08-d667-4b1e-a774-0f4a17ad7bff

Timeline

Publicly Published

2023-01-06 (about 1 years ago)

Added

2023-01-06 (about 1 years ago)

Last Updated

2023-01-06 (about 1 years ago)

Other

Published

Title

Published

2024-04-15

Title

Envo Extra < 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2014-08-01

Title

Pinboard 1.0.6 - includes/theme-options.php tab Parameter XSS

Published

2015-11-22

Title

Add Link to Facebook <= 2.2.7 - Authenticated Cross-Site Scripting (XSS)

Published

2023-11-23

Title

Events Manager < 6.4.6 - Reflected Cross-Site Scripting

Published

2024-03-13

Title

Beaver Builder Addons by WPZOOM < 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Widget