Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 – Admin+ Stored Cross-Site Scripting | CVE 2021-24539 | Plugin Vulnerabilities

Description

The plugin does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue

Proof of Concept

Via the plugin's settings:
- Enable the 'Coming Soon Mode'
- Put the following payload in the Description field <svg onload=alert(/XSS/)>

Then access the frontend as a user to trigger the XSS

Affects Plugins

Fixed in 1.6.7

References

CVE

URL

https://www.hackpertise.com/cve/19/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

4bda5dff-f577-4cd8-a225-c6b4c32f22b4

Timeline

Publicly Published

2021-10-04 (about 4 years ago)

Added

2021-10-04 (about 4 years ago)

Last Updated

2023-04-12 (about 2 years ago)

Other

Published

Title

Published

2023-11-07

Title

Pinyin Slugs < 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2022-08-01

Title

Enable SVG, WebP & ICO Upload < 1.1.1 - Author+ Arbitrary File Upload

Published

2024-10-14

Title

AB Categories Search Widget <= 0.2.5 - Reflected Cross-Site Scripting

Published

2024-11-28

Title

WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates < 2.9.1 - Reflected Cross-Site Scripting

Published

2024-05-07

Title

Easy Affiliate Links < 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting