WP Inventory Manager < 2.1.0.13 – Reflected Cross-Site Scripting | CVE 2023-2123 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

Proof of Concept

1. Go to WP Inventory > Inventory Items and create a new Inventory Item.
2. Create a page and add the [wpinventory] shortcode.
3. View the new page on the frontend, and click on the new Inventory Item.
3. Add the URL parameters: display=false&message=%3Cscript%3Ealert(/xss/)%3C/script%3E, and load the page.

Affects Plugins

wp-inventory-manager

Fixed in 2.1.0.13

References

CVE

URL

https://github.com/daniloalbuqrque/poc-cve-xss-encoded-wp-inventory-manager-plugin

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

daniloalbuqrque

Submitter

daniloalbuqrque

Submitter website

https://github.com/daniloalbuqrque

Verified

Yes

WPVDB ID

44448888-cd5d-482e-859e-123e442ce5c1

Timeline

Publicly Published

2023-04-26 (about 1 years ago)

Added

2023-04-26 (about 1 years ago)

Last Updated

2023-04-26 (about 1 years ago)

Other

Published

Title

Published

2015-11-23

Title

My Link Order <= 4.3 - Authenticated Cross-Site Scripting (XSS)

Published

2023-02-28

Title

NEX-Forms < 8.3.3 - Contributor+ Stored XSS

Published

2023-01-12

Title

WP Blog and Widget < 2.3.1 - Contributor+ Stored XSS via Shortcode

Published

2014-08-01

Title

Schreikasten 0.14.13 - wp-admin/admin-ajax.php Multiple Parameter XSS

Published

2021-07-26

Title

WP SMS < 5.4.13 - Authenticated Stored Cross-Site Scripting