Digital Publications by Supsystic < 1.7.0 – Authenticated Stored Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input.

v1.6.11 attempted to fix the issue by using sanitize_text_field(), however the output is put in an attribute.
v1.6.12 partially fixed it: some events were blacklisted, but arbitrary attributes could still be injected. Also, future events in web browsers could be released, making the security issue reappear.

Proof of Concept

v < 1.6.11: use payloads such as <script>alert(/XSS/)</script>

v <= 1.6.11: payload such as " onfocus=alert(/XSS/) b= / " onmouseover=alert(/XSS/) b=

v <= 1.6.12: " injected=something b=

Affects Plugins

digital-publications-by-supsystic

Fixed in 1.7.0

References

Exploitdb

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erik David Martin

Verified

Yes

WPVDB ID

3d3aaab2-3e70-4b1d-bee4-2e12941cec7c

Timeline

Publicly Published

2021-02-08 (about 5 years ago)

Added

2021-02-08 (about 5 years ago)

Last Updated

2021-03-25 (about 4 years ago)

Other

Published

Title

Published

2025-09-09

Title

Dynamic Text Field For Contact Form 7 < 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-07-08

Title

Auto Login After Registration <= 1.0.0 - Reflected Cross-Site Scripting

Published

2022-01-18

Title

Give < 2.17.3 - Reflected Cross-Site Scripting via Donation Forms Dashboard

Published

2017-04-28

Title

Cforms & CformsII < 14.13.3 - Multiple XSS

Published

2015-05-14

Title

Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)