WordPress Plugin Vulnerabilities

Multiple Plugins - Cross-Site Scripting From Third-party Library

Description

The plugins use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability.

Proof of Concept

WP-Optimize - Reflected Cross-Site Scripting

1. Go to the plugin settings and in the "Images" section check the box "Create WebP version of image".
2. Visit the page: /?s=<script>alert(/XSS/)</script>

SrbTransLatin - Contributor+ Stored Cross-Site Scripting

1. Create a post and add the following content: <script>alert(/XSS/)</script>
2. Load the post on the frontend, and see the XSS alert.

Affects Plugins

Plugin icon
wp-optimize
Fixed in 3.2.13
Plugin icon
srbtranslatin
Fixed in 2.4.1

References

CVE
CVE-2023-1119

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Paolo Elia
Submitter
Paolo Elia
Verified
Yes
WPVDB ID
2e78735a-a7fc-41fe-8284-45bf451eff06

Timeline

Publicly Published
2023-06-19 (about 5 months ago)
Added
2023-06-19 (about 5 months ago)
Last Updated
2023-08-14 (about 3 months ago)

Other

Published
Title
Published
2021-03-31
Title
Goto - Tour & Travel < 2.0 - Unauthenticated Reflected XSS
Published
2022-05-11
Title
WooCommerce Green Wallet Gateway < 1.0.2 - Reflected Cross Site Scripting in checkout page
Published
2021-03-26
Title
Vertical News Scroller < 1.17 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2023-01-19
Title
WP eBay Product Feeds < 3.4 - Admin+ Stored XSS
Published
2021-10-11
Title
WPSchoolPress < 2.1.10 - Reflected Cross-Site Scripting