WordPress Plugin Vulnerabilities
Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting
Description
The plugin adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks
Proof of Concept
- Login as contributor+ - Create a custom field containing XSS payload (eg. <script>alert(1)</script>) - Add this shortcode to the post/page: [metadata element="custom_fields"] - The XSS will be triggered when the post/page is previewed/viewed by any user
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Francesco Carlucci
Submitter
Francesco Carlucci
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)