WordPress Plugin Vulnerabilities

Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting

Description

The plugin does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the 'Publish ID or Full URL" setting and save: "><img src=x onerror=confirm(/XSS/)>

Affects Plugins

typebot

Fixed in version 1.4.3

References

CVE

CVE-2021-24902

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Mansi Singh

Submitter

Mansi Singh

Verified

Yes

WPVDB ID

2bde2030-2dfe-4dd3-afc1-36f7031a91ea

Timeline

Publicly Published

2021-11-29 (about 5 months ago)

Added

2021-11-29 (about 5 months ago)

Last Updated

2022-04-10 (about 1 months ago)

Our Other Services

WPScan WordPress Security Plugin