Gianism <= 5.1.0 – Admin+ Stored XSS | CVE 2024-3921 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to https://example.com/wp-admin/options-general.php?page=gianism&view=setting
2. In the "URL Prefix" field, enter the payload `<img src=xss onerror=alert(1)>`
3. Save and see the XSS

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Felipe Restrepo Rodriguez, Mateo Gutierrez Gomez

Submitter

Felipe Restrepo Rodriguez, Mateo Gutierrez Gomez

Submitter website

https://pfelilpe.com

Submitter twitter

Verified

Yes

WPVDB ID

3c114e14-9113-411d-91f3-2e2daeb40739

Timeline

Publicly Published

2024-05-08 (about 1 months ago)

Added

2024-05-08 (about 1 months ago)

Last Updated

2024-05-08 (about 1 months ago)

Other

Published

Title

Published

2023-05-15

Title

Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS

Published

2021-06-29

Title

WP Offload SES Lite < 1.4.5 - Stored Cross-Site Scripting (XSS)

Published

2024-04-30

Title

Min and Max Purchase for WooCommerce <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-10-25

Title

WP Spell Check < 9.3 - Reflected Cross-Site Scripting

Published

2021-06-28

Title

Yada Wiki < 3.4.1 - Contributor+ Stored XSS