WordPress Plugin Vulnerabilities

PDF.js Viewer < 2.1.8 - Contributor+ Stored XSS via Shortcode

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

[pdfjs-viewer viewer_height='" onmouseover="alert(1)"']

Affects Plugins

Plugin icon
pdfjs-viewer-shortcode
Fixed in 2.1.8

References

CVE
CVE-2022-4670

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
2a67c290-2a27-44fe-95ae-2d427e9d7548

Timeline

Publicly Published
2023-01-10 (about 1 years ago)
Added
2023-01-10 (about 1 years ago)
Last Updated
2023-01-10 (about 1 years ago)

Other

Published
Title
Published
2023-01-13
Title
No API Amazon Affiliate < 4.4.0 - Admin+ Stored XSS
Published
2023-05-15
Title
WooCommerce Pre-Orders < 2.0.0 - Reflected XSS
Published
2014-08-01
Title
WordPress 2.0 - 3.0.1 Multiple Cross-Site Scripting (XSS) in request_filesystem_credentials()
Published
2022-03-08
Title
Ninja Forms File Uploads Extension < 3.3.13 - Unauthenticated Stored Cross-Site Scripting
Published
2022-05-31
Title
Germanized for WooCommerce < 3.9.5 - Reflected Cross-Site Scripting