WordPress Plugin Vulnerabilities

AN_GradeBook <= 5.0.1 - Admin+ XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. When adding a new course in the plugin settings, all fields are vulnerable to XSS with the payload: <script>alert('xss')</script>

2. Enter the payload into any field and reload the page to see XSS.

Affects Plugins

Plugin icon
an-gradebook
No known fix

References

CVE
CVE-2023-2709

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Bob Matyas
Submitter
Bob Matyas
Submitter website
https://www.bobmatyas.com
Submitter twitter
bobmatyas
Verified
Yes
WPVDB ID
2504dadb-1086-4fa9-8fc7-b93018423515

Timeline

Publicly Published
2023-06-19 (about 5 months ago)
Added
2023-06-19 (about 5 months ago)
Last Updated
2023-06-19 (about 5 months ago)

Other

Published
Title
Published
2023-05-30
Title
Call Now Icon Animate <= 0.1.0 - Admin+ Stored XSS
Published
2021-10-20
Title
BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting
Published
2020-07-13
Title
Prolisting - Directory Listing < 1.27 - Unauthenticated Reflected XSS
Published
2015-12-22
Title
Content text slider on post < 6.9 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2019-04-24
Title
JobCareer < 2.5.1 - Authenticated Stored Cross-Site Scripting