WordPress Plugin Vulnerabilities

Easy Social Icons < 3.2.0 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape its saved settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

3.1.3 added some escaping, but data was output elsewhere

Proof of Concept

Put the following payload in any of the plugin's settings (there is client side validation, which can be bypassed by removing the type=number on input tags via the web browser inspector): "><script>alert(/XSS/)</script>

The XSS will be triggered in the settings, as well as Icons list

Affects Plugins

Plugin icon
easy-social-icons
Fixed in 3.2.0

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Verified
Yes
WPVDB ID
58d7e0e0-d9ba-4502-ae3a-d12b07b92bf1

Timeline

Publicly Published
2022-03-15 (about 1 years ago)
Added
2022-03-15 (about 1 years ago)
Last Updated
2022-03-15 (about 1 years ago)

Other

Published
Title
Published
2016-04-04
Title
ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2022-04-20
Title
Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF
Published
2023-08-14
Title
Robo Gallery < 3.2.16 - Admin+ Stored XSS
Published
2023-11-07
Title
WPDBSpringClean <= 1.6 - Reflected XSS
Published
2015-07-09
Title
GD bbPress Attachments <= 2.2 - Authenticated Reflected Cross-Site Scripting (XSS)