Special Text Boxes < 5.9.110 – Admin+ Stored Cross-Site Scripting | CVE 2021-24485 | Plugin Vulnerabilities

Description

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Proof of Concept

Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting (/wp-admin/admin.php?page=stb-settings): " autofocus onfocus=alert(/XSS/)//

Affects Plugins

wp-special-textboxes

Fixed in 5.9.110

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Akash Rajendra Patil

Submitter

Akash Rajendra Patil

Submitter website

https://akashpatil.me

Submitter twitter

Verified

Yes

WPVDB ID

4a6b278a-4c11-4624-86bf-754212979643

Timeline

Publicly Published

2021-09-21 (about 2 years ago)

Added

2021-09-21 (about 2 years ago)

Last Updated

2022-07-01 (about 1 years ago)

Other

Published

Title

Published

2024-03-26

Title

Elementor Website Builder – More than Just a Page Builder < 3.20.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation

Published

2014-08-01

Title

Duplicator - installer.cleanup.php package Parameter XSS

Published

2021-10-04

Title

Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting

Published

2023-01-27

Title

BNE Testimonials < 2.0.8 - Contributor+ Stored XSS

Published

2023-06-20

Title

Mailtree Log Mail < 1.0.1 - Unauthenticated Stored Cross-Site Scripting