WordPress Plugin Vulnerabilities

Html5 Audio Player < 2.1.12 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

[h5ap_inline_player src="invalid' onerror='alert(1)'"]

Affects Plugins

Plugin icon
html5-audio-player
Fixed in 2.1.12

References

CVE
CVE-2023-0170

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
19ee5e33-acc8-40c5-8f54-c9cb0fa491f0

Timeline

Publicly Published
2023-01-12 (about 1 years ago)
Added
2023-01-12 (about 1 years ago)
Last Updated
2023-01-12 (about 1 years ago)

Other

Published
Title
Published
2015-08-04
Title
Database Sync <= 0.4 - Reflected Cross-Site Scripting (XSS)
Published
2023-09-01
Title
WP Default Feature Image <= 1.0.1.1 - Admin+ Stored XSS
Published
2022-12-29
Title
10WebMapBuilder < 1.0.72 - Contributor+ Stored XSS via Shortcode
Published
2022-10-27
Title
JetBackup < 1.6.9.1 - Admin+ Stored XSS
Published
2023-01-13
Title
alfred24 Click & Collect <= 1.1.7 - Admin+ Stored XSS