Special Text Boxes < 5.9.110 – Admin+ Stored Cross-Site Scripting | CVE 2021-24485 | Plugin Vulnerabilities

Description

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

Proof of Concept

Put the following payload in any of the field in the 'Basic Settings' section of the plugin's setting (/wp-admin/admin.php?page=stb-settings): " autofocus onfocus=alert(/XSS/)//

Affects Plugins

wp-special-textboxes

Fixed in 5.9.110

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Akash Rajendra Patil

Submitter

Akash Rajendra Patil

Submitter website

https://akashpatil.me

Submitter twitter

Verified

Yes

WPVDB ID

4a6b278a-4c11-4624-86bf-754212979643

Timeline

Publicly Published

2021-09-21 (about 4 years ago)

Added

2021-09-21 (about 4 years ago)

Last Updated

2022-07-01 (about 3 years ago)

Other

Published

Title

Published

2021-12-15

Title

AMP for WP < 1.0.77.33 - Admin+ Stored Cross-Site Scripting

Published

2024-04-26

Title

Nextgen Gallery < 3.59.1 - Admin+ Stored XSS

Published

2023-02-27

Title

We’re Open! < 1.47 - Admin+ Stored XSS

Published

2024-03-18

Title

PowerPack Lite for Beaver Builder < 1.3.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via element link

Published

2024-12-13

Title

TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting