WordPress Plugin Vulnerabilities
ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS
Description
The plugin does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks
Proof of Concept
As a contributor, put the following payload in a post (the payload will have to be updated accordingly to watch the correct user and domain) ahoy hoy @user@malicious-activitypub.site The XSS will be trigged when viewing/previewing the post
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Ben Bidner
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-09-25 (about 7 months ago)
Added
2023-09-25 (about 7 months ago)
Last Updated
2023-09-25 (about 7 months ago)