WordPress Plugin Vulnerabilities

Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue.

Proof of Concept

https://example.com/wp-admin/upload.php?page=menu-media-apt&post_id=alert(/XSS/)

Affects Plugins

Plugin icon
auto-post-thumbnail
Fixed in 3.9.3

References

CVE
CVE-2021-24932

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
ZhongFu Su(JrXnm) of Wuhan University
Submitter
ZhongFu Su(JrXnm) of Wuhan University
Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified
Yes
WPVDB ID
575c02ea-4fe9-428c-bbc8-e161af679b6d

Timeline

Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-09-26 (about 1 years ago)

Other

Published
Title
Published
2022-05-31
Title
Age Gate < 2.20.4 - Reflected Cross-Site Scripting
Published
2022-11-30
Title
Sliderby10Web < 1.2.53 - Admin+ Stored XSS
Published
2023-01-11
Title
WordPrezi < 0.9 - Contributor+ Strored XSS
Published
2022-05-09
Title
User Meta < 2.4.3 - Admin+ Stored Cross-Site Scripting
Published
2016-07-13
Title
All in One SEO Pack <= 2.3.7 - Unauthenticated Stored Cross-Site Scripting (XSS)