Advanced Access Manager < 6.8.0 – Admin+ Stored Cross-Site Scripting | CVE 2021-24830 | Plugin Vulnerabilities

Description

The plugin does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in any of the plugin's settings with a text input:
- v < 6.7.9 - "><script>alert(/XSS/)</script>
- v < 6.8.0 - " onfocus=alert(/XSS/)//

For example in "404 Redirect" > "Redirected to the local URL" > "The URL", "URI Access" > Create > "Enter URL" etc

The XSS will be triggered when accessing the plugin setting again

Affects Plugins

advanced-access-manager

Fixed in 6.8.0

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2616161/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Huy Nguyen

Submitter

Huy Nguyen

Submitter website

https://www.linkedin.com/in/id-laladee/

Verified

Yes

WPVDB ID

1c46373b-d43d-4d18-b0ae-3711fb0be0f9

Timeline

Publicly Published

2021-10-19 (about 2 years ago)

Added

2021-10-19 (about 2 years ago)

Last Updated

2022-04-14 (about 2 years ago)

Other

Published

Title

Published

2015-04-07

Title

WP Super Cache < 1.4.3 - Stored Cross-Site Scripting (XSS)

Published

2014-11-04

Title

WP Support Plus Responsive Ticket System < 4.1 - XSS

Published

2018-05-28

Title

Site Reviews <= 2.15.2 - Cross-Site Scripting (XSS)

Published

2024-04-10

Title

Popup Like box – Page < 3.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2023-08-17

Title

Mortgage Calculator Estatik <= 2.0.7 - Reflected XSS