Easy Digital Downloads < 3.1.0.5 – Contributor+ Stored XSS | CVE 2023-0380 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Add the "EDD Buy Button" Gutenberg block to a post and put the payload below in the "Additional CSS class(es)" advanced block settings:

" onmouseover="alert(/XSS/)" style="background:red;"

Note: At least one Download need to exist for the issue to trigger.

Affects Plugins

easy-digital-downloads

Fixed in 3.1.0.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

3256e090-1131-459d-ade5-f052cd5d189f

Timeline

Publicly Published

2023-01-30 (about 1 years ago)

Added

2023-01-30 (about 1 years ago)

Last Updated

2023-01-30 (about 1 years ago)

Other

Published

Title

Published

2016-11-28

Title

WP Whois Domain <= 1.0.0 - Unauthenticated Cross-Site Scripting (XSS)

Published

2015-10-05

Title

Easy2Map < 1.3.0 - Reflected Cross-Site Scripting (XSS)

Published

2024-03-13

Title

Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget

Published

2021-04-13

Title

Premium Addons for Elementor < 4.2.8 - Contributor+ Stored Cross-Site Scripting (XSS)

Published

2024-04-16

Title

WP Stripe Checkout < 1.2.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode