WordPress Plugin Vulnerabilities

BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting

Description

The plugin sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
bp-better-messages
Fixed in 1.9.9.41

References

CVE
CVE-2021-24808
URL
https://plugins.trac.wordpress.org/changeset/2605772/bp-better-messages/trunk/views/layout-new.php

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Brandon Roldan
Submitter
Brandon Roldan
Submitter twitter
tomorrowisnew_
Verified
Yes
WPVDB ID
53ff82ec-00ec-4b20-8f60-db9db8c025b4

Timeline

Publicly Published
2021-10-04 (about 4 years ago)
Added
2021-10-04 (about 4 years ago)
Last Updated
2022-04-15 (about 3 years ago)

Other

Published
Title
Published
2023-08-21
Title
URL Shortify < 1.7.6 - Unauthenticated Stored XSS via referer header
Published
2024-06-18
Title
WP Recipe Maker < 9.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag'
Published
2024-10-08
Title
Contact Form 7 – PayPal & Stripe Add-on < 2.3.1 - Reflected Cross-Site Scripting
Published
2021-05-16
Title
Database Backup for WordPress < 2.4 - Authenticated Persistent Cross-Site Scripting (XSS)
Published
2024-12-26
Title
drm-protected-video-streaming <= 4.2.1 - Reflected XSS