Responsive Pricing Table < 5.1.11 – Author+ Stored XSS | CVE 2024-1333 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

- Create a new Pricing Table
- Fill it with valid information, except for the "CSS classes", "Add custom code here" and "Button URL " sections
- Payloads:
  - CSS classes: " onmouseover='alert(/CSS/);'
  - Custom Code: <script>alert(/CustomCode/);</script>
  - Button URL: javascript:alert(/XSS/) (requires the Custom Code to be empty, and the '_rpt_open_newwindow' post meta to be anything other than 'newwindow')

Affects Plugins

dk-pricr-responsive-pricing-table

Fixed in 5.1.11

References

CVE

URL

https://research.cleantalk.org/cve-2024-1333/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

30546402-03b8-4e18-ad7e-04a6b556ffd7

Timeline

Publicly Published

2024-02-26 (about 1 year ago)

Added

2024-02-26 (about 1 year ago)

Last Updated

2024-03-11 (about 1 year ago)

Other

Published

Title

Published

2024-09-03

Title

Popup Box < 4.7.8 - Admin+ Stored XSS

Published

2024-05-14

Title

Gutenberg Blocks by Kadence Blocks – Page Builder Features < 3.2.38 - Contributor+ Stored Cross-Site Scripting via Typer Effect

Published

2025-04-25

Title

WP Quiz <= 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-07-03

Title

Smart Docs < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-08-18

Title

WPPizza < 3.17.2 - Reflected XSS