WordPress Plugin Vulnerabilities

WP Food Manager < 1.0.4 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to "Food manager > Add Food" and add an example food
2. Edit the added food and go to Food data -> options / Add ons / Toppings -> Add the following XSS payload: `test"><img src=x onerror=confirm(document.domain)>` and fill out the other fields
3. Publish the food, you will see an XSS got triggered

Affects Plugins

Plugin icon
wp-food-manager
Fixed in 1.0.4

References

CVE
CVE-2023-0604

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Nithissh Sathish
Submitter
Nithissh Sathish
Submitter website
https://nithissh.com
Verified
Yes
WPVDB ID
4492b5ad-c339-47f5-9003-a9c5f23efdd9

Timeline

Publicly Published
2023-07-17 (about 10 months ago)
Added
2023-07-17 (about 9 months ago)
Last Updated
2023-07-17 (about 9 months ago)

Other

Published
Title
Published
2024-03-12
Title
Prime Slider – Addons For Elementor < 3.13.3 - Contributor+ Stored Cross-Site Scripting via Mercury Widget
Published
2023-04-19
Title
WP Original Media Path < 2.4.1 - Admin+ Stored XSS
Published
2014-08-01
Title
Simple Login Log - Cross-Site Scripting (XSS)
Published
2021-04-19
Title
Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)
Published
2024-04-05
Title
Fancy Product Designer < 6.1.8 - Reflected Cross Site Scripting