WordPress Plugin Vulnerabilities

Greenshift < 5.0 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Exploit Additional CSS class(es) for "Advanced Heading" Gutenberg block:

" onmouseover="alert(1)" style="background:red;"

Affects Plugins

Plugin icon
greenshift-animation-and-page-builder-blocks
Fixed in 5.0

References

CVE
CVE-2023-0378

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
3313cc05-2267-4d93-a8a8-2c0701c21f66

Timeline

Publicly Published
2023-01-27 (about 1 years ago)
Added
2023-01-27 (about 1 years ago)
Last Updated
2023-01-27 (about 1 years ago)

Other

Published
Title
Published
2021-07-24
Title
Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)
Published
2023-06-05
Title
WP Brutal AI < 2.0.1 - Admin+ Reflected XSS
Published
2020-12-09
Title
DiveBook <= 1.1.4 - Unauthenticated Reflected XSS
Published
2016-12-09
Title
Social Share Buttons - Social Pug <= 1.2.5 - Authenticated Cross-Site Scripting (XSS)
Published
2023-11-07
Title
Pinyin Slugs < 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting