WordPress Plugin Vulnerabilities

InventoryPress <= 1.7 - Author+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

1. Create a "New Inventory Item"
2. In the "Description" field, add the value `"><script>alert("xss")</script>`
3. Edit the created item and see the XSS.

Affects Plugins

Plugin icon
inventorypress
No known fix

References

CVE
CVE-2023-2579
URL
https://github.com/daniloalbuqrque/poc-cve-xss-inventory-press-plugin

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
daniloalbuqrque
Submitter
daniloalbuqrque
Submitter website
https://github.com/daniloalbuqrque
Verified
Yes
WPVDB ID
3cfcb8cc-9c4f-409c-934f-9f3f043de6fe

Timeline

Publicly Published
2023-06-23 (about 5 months ago)
Added
2023-06-23 (about 5 months ago)
Last Updated
2023-06-23 (about 5 months ago)

Other

Published
Title
Published
2014-08-01
Title
LBG Zoominoutslider - add_banner.php name Parameter Stored XSS
Published
2015-08-25
Title
Simple Fields <= 1.4.10 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2022-12-02
Title
WP Google Review Slider < 11.6 - Admin+ Stored XSS
Published
2019-05-30
Title
WP Statistics <= 12.6.5 - Authenticated Stored XSS
Published
2023-05-12
Title
itemprop WP for SERP/SEO Rich snippets <= 3.5.201706131 - Admin+ Stored XSS