WordPress Plugin Vulnerabilities

Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue

Proof of Concept

Add or Edit a Characteristic (/wp-admin/admin.php?option=com_vikrentcar&task=carat)) with the following payload in the 'Text Next to Icon' field: <script>alert(/XSS/)</script>

Then view the Characteristics List to trigger the XSS

Affects Plugins

Plugin icon
vikrentcar
Fixed in 1.1.10

References

CVE
CVE-2021-24519

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Submitter
Muhammad Daffa
Submitter website
https://daffa.tech
Submitter twitter
daffainfo
Verified
Yes
WPVDB ID
368828f9-fdd1-4a82-8658-20e0f4c4da0c

Timeline

Publicly Published
2021-07-19 (about 2 years ago)
Added
2021-07-19 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2023-04-19
Title
Continuous announcement scroller <= 13.0 - Admin+ Stored XSS
Published
2021-09-13
Title
Coming Soon and Maintenance Mode < 3.5.3 - Authenticated Stored XSS
Published
2023-04-06
Title
Appointment and Event Booking Calendar for WordPress < 1.0.76 - Reflected XSS
Published
2017-02-03
Title
WP Super Cache < 1.4.9 - Cross-Site Scripting (XSS)
Published
2022-04-07
Title
Plausible Analytics < 1.2.3 - Admin+ Stored Cross-Site Scripting