WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Digital Publications by Supsystic < 1.7.0 - Authenticated Stored Cross-Site Scripting (XSS)

Description

When creating or editing a publication, all values such as Area Width, Publication Width are vulnerable to stored XSS. It is possible to store code in all input fields as the code does not sanitize any user input.

v1.6.11 attempted to fix the issue by using sanitize_text_field(), however the output is put in an attribute.
v1.6.12 partially fixed it: some events were blacklisted, but arbitrary attributes could still be injected. Also, future events in web browsers could be released, making the security issue reappear.

Proof of Concept

v < 1.6.11: use payloads such as <script>alert(/XSS/)</script>

v <= 1.6.11: payload such as " onfocus=alert(/XSS/) b= / " onmouseover=alert(/XSS/) b=

v <= 1.6.12: " injected=something b=

Affects Plugins

digital-publications-by-supsystic
Fixed in version 1.7.0

References

ExploitDB
49542

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Erik David Martin

Verified

Yes

WPVDB ID
3d3aaab2-3e70-4b1d-bee4-2e12941cec7c

Timeline

Publicly Published

2021-02-08 (about 1 years ago)

Added

2021-02-08 (about 1 years ago)

Last Updated

2021-03-25 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin