WordPress Plugin Vulnerabilities
Locatoraid Store Locator < 3.9.24 - Reflected XSS
Description
The plugin does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as admins.
Proof of Concept
Setup (as admin):
- Locatoraid > Configuration > Google Maps > Enter "none" at Google Maps Browser API Key and Save
- Locatoraid > Publish > Add New (Pages with block) > Insert Shortcode [locatoraid] and Publish
- Go to Appearance > Widgets > Add block Locatoraid Search Form to Footer Area

Attack (as unauthenticated):
Open or make a logged in user open the following URL:
http://example.com/?lpr-search="onfocus=alert(/XSS/) autofocus "
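An added regression check, not the plugin's code or part of the original advisory: it assumes the search form reflects lpr-search into a double-quoted value attribute of an input (the page does not show the plugin's markup) and uses Python's html.escape as a stand-in for WordPress's esc_attr(). The render_* functions and the field markup are hypothetical; the check parses each rendering and confirms whether the reflected text stays inside value.

```python
import html
from html.parser import HTMLParser

# Value of lpr-search taken from the proof-of-concept URL on this page.
POC_VALUE = '"onfocus=alert(/XSS/) autofocus "'


def render_unescaped(search):
    # Assumed vulnerable pattern: raw request value placed in a quoted attribute.
    return '<input type="text" name="lpr-search" value="' + search + '">'


def render_escaped(search):
    # quote=True encodes " and ' as well as & < >, so the value cannot
    # terminate the attribute it is written into.
    safe = html.escape(search, quote=True)
    return '<input type="text" name="lpr-search" value="' + safe + '">'


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> element seen."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def input_attributes(markup):
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def reflection_is_contained(markup, submitted):
    """True when the submitted text round-trips as value and adds no attributes."""
    attrs = input_attributes(markup)
    return set(attrs) == {"type", "name", "value"} and attrs.get("value") == submitted


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        markup = render(POC_VALUE)
        print(render.__name__, sorted(input_attributes(markup)),
              reflection_is_contained(markup, POC_VALUE))
```

A check of this shape can be pointed at the rendered search form of a patched site to confirm that the submitted string comes back only as the field's value.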
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Dao Xuan Hieu
Submitter
Dao Xuan Hieu
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-08-28 (about 8 months ago)
Added
2023-08-30 (about 8 months ago)
Last Updated
2023-08-30 (about 8 months ago)