WordPress Plugin Vulnerabilities

GD bbPress Attachments <= 2.5 - Authenticated Stored XSS

Description

An authenticated user of a bbPress forum, who can attach a file, can inject arbitrary JavaScript code via the image filename. The arbitrary code runs both on the topic page and in the admin panel, and it only affects the administrators, moderators and the attacker.

The variable $error[‘file’] in /code/attachments/front.php (line 349) is not escaped.

Affects Plugins

Plugin icon
gd-bbpress-attachments
Fixed in 2.6

References

URL
https://www.gubello.me/blog/gd-bbpress-attachments-2-5-authenticated-stored-xss/
URL
https://www.dev4press.com/blog/plugins/2018/gd-bbpress-attachments-2-6/
URL
https://plugins.trac.wordpress.org/changeset/1865293/gd-bbpress-attachments

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Luigi
Submitter website
https://www.gubello.me/blog/
Verified
No
WPVDB ID
55da5a13-372f-46f7-9686-469c95363c1f

Timeline

Publicly Published
2018-05-14 (about 6 years ago)
Added
2018-05-14 (about 6 years ago)
Last Updated
2020-04-15 (about 4 years ago)

Other

Published
Title
Published
2022-11-28
Title
External Media < 1.0.36 - Admin+ Stored XSS
Published
2023-06-02
Title
Multiple plugins by vcita - Contributor+ Stored Cross-Site Scripting
Published
2024-04-04
Title
Custom post types, Custom Fields & more < 5.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2015-06-12
Title
Yoast SEO < 2.2 - Authenticated Stored DOM XSS
Published
2016-11-12
Title
Check Email < 0.5.2 - Cross-Site Scripting (XSS)