WordPress Plugin Vulnerabilities

Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/student-registration/?user_login="><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
tutor
Fixed in 1.9.11

References

CVE
CVE-2021-24873
URL
https://plugins.trac.wordpress.org/changeset/2615802/tutor

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
ZhongFu Su(JrXnm) of Wuhan University
Submitter
ZhongFu Su(JrXnm) of Wuhan University
Submitter website
https://blog.szfszf.top
Verified
Yes
WPVDB ID
19980b57-1954-4a29-b2c2-43eadf758ed3

Timeline

Publicly Published
2021-10-19 (about 2 years ago)
Added
2021-10-19 (about 2 years ago)
Last Updated
2022-09-26 (about 1 years ago)

Other

Published
Title
Published
2022-08-31
Title
Bitcoin / Altcoin Faucet <= 1.6.0 - Settings Update to Stored XSS via CSRF
Published
2024-04-05
Title
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_price_list Shortcode
Published
2024-03-18
Title
Tourfic < 2.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2018-04-27
Title
Events Manager < 5.9 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2024-03-29
Title
Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget