Testimonial Builder < 1.6.0 – Admin+ Stored Cross-Site Scripting | CVE 2021-24598 | Plugin Vulnerabilities

Description

The plugin does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

As admin, create/edit a testimonial and put the following payload in the Testimonial User Name field: " style=animation-name:rotation onanimationstart=alert(/XSS/)//

Affects Plugins

testimonial-builder

Fixed in 1.6.0

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2606523/

URL

https://www.hackpertise.com/cve/25-cve-2021-24598/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

365c09a7-0b10-4145-a415-5c0e9f429ae0

Timeline

Publicly Published

2021-10-13 (about 4 years ago)

Added

2021-10-13 (about 4 years ago)

Last Updated

2023-04-12 (about 2 years ago)

Other

Published

Title

Published

2014-04-25

Title

Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS

Published

2014-08-01

Title

WP Photo Album Plus < 4.8.12 - wp-photo-album-plus.php wppa-searchstring XSS

Published

2021-07-26

Title

HD Quiz < 1.8.4 - Authenticated Stored XSS

Published

2025-01-16

Title

HM Portfolio <= 1.1.1 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

ClickDesk <= 4.3 - Live Chat Widget Multiple Field XSS