How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The "Editor" tab under the "Tables" section is vulnerable to stored XSS. It is possible to store XSS in all input fields as the code does not sanitise any of the user input.

Proof of Concept

Open a Table, go to the editor and enter a payload below in a cell, then save the Table

<= 1.9.99 - <img src onerror=alert(/XSS/)>
<= 1.10.0 - <svg><animate onbegin=alert(/XSS/) attributeName=x dur=1s>

Affects Plugins

data-tables-generator-by-supsystic

Fixed in version 1.10.1

References

ExploitDB

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Erik David Martin

Verified

Yes

WPVDB ID

56e6afec-e337-432e-a879-99f46547c241

Timeline

Publicly Published

2021-02-08 (about 2 years ago)

Added

2021-02-08 (about 2 years ago)

Last Updated

2021-02-10 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin