WordPress Plugin Vulnerabilities

Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Create a table, add a column with the following payload "><img src=x onerror=confirm(/XSS-column/)> as Name, then add data with the following payload "><img src=x onerror=confirm(/XSS-data/)>

The XSS will be triggered in the Table Design and Table Row tabs

Affects Plugins

Plugin icon
ninja-tables
Fixed in 4.1.8

References

CVE
CVE-2021-24900
Exploitdb
50455
URL
https://packetstormsecurity.com/files/#164632/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Akash Rajendra Patil
Submitter
Akash Rajendra Patil
Submitter website
https://akashpatil.me
Submitter twitter
skypatil98
Verified
Yes
WPVDB ID
213d7c08-a37c-49d0-a072-24db711da5ec

Timeline

Publicly Published
2021-10-25 (about 2 years ago)
Added
2022-01-26 (about 2 years ago)
Last Updated
2022-04-16 (about 2 years ago)

Other

Published
Title
Published
2022-03-15
Title
Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
Published
2022-10-28
Title
Spacer < 3.0.7 - Admin+ Stored XSS
Published
2018-10-08
Title
WPML < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2023-12-26
Title
Beaver Builder < 2.7.2.1 - Contributor+ Stored XSS
Published
2020-04-11
Title
Support Ticket System By Phoeniixx <= 2.7 - Unauthenticated Reflected XSS