WordPress Plugin Vulnerabilities

Gravity Forms < 2.7.5 - Reflected XSS

Description

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.

Proof of Concept

Make a logged in admin open the following URL:

https://examle.com/wp-admin/admin.php?page=gf_edit_forms&s=vulnerable&"><script>alert(/XSS/)</script>=2

Affects Plugins

Plugin icon
gravityforms
Fixed in 2.7.5

References

CVE
CVE-2023-2701

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Fioravante Souza (WPScan)
Submitter website
https://wpscan.com
Verified
Yes
WPVDB ID
298fbe34-62c2-4e56-9bdb-90da570c5bbe

Timeline

Publicly Published
2023-06-21 (about 5 months ago)
Added
2023-06-21 (about 5 months ago)
Last Updated
2023-06-21 (about 5 months ago)

Other

Published
Title
Published
2014-08-01
Title
bp-code-snippets <= 2.0 - XSS in ZeroClipboard
Published
2014-08-01
Title
Konzept - Unspecified XSS
Published
2023-06-02
Title
Download SpamReferrerBlock <= 2.22 - Admin+ Stored XSS
Published
2015-05-14
Title
Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)
Published
2023-01-24
Title
Spectra < 1.15.0 - Contributor+ Stored Cross-Side Scripting