WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Dialog <= 1.2.5.5 - Authenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Welcome message (st_content parameter) of the plugin:

</script><img src onerror=alert(/XSS/)> to trigger the XSS in any frontend page
</textarea><img src onerror=alert(/XSS/)> to trigger the XSS in the plugin's settings

https://github.com/liaojia-99/my-creat-cve/blob/main/1.md

Affects Plugins

wp-dialog
No known fix - plugin closed

References

CVE
CVE-2021-24600

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

[email protected] inc

Submitter

[email protected] inc

Verified

Yes

WPVDB ID
413b3a2e-1c05-45ec-b00f-1c137a1ae33e

Timeline

Publicly Published

2021-07-31 (about 9 months ago)

Added

2021-08-19 (about 9 months ago)

Last Updated

2022-03-07 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin