WordPress Plugin Vulnerabilities

PostX < 4.1.0 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

Affects Plugins

Plugin icon
ultimate-post
Fixed in 4.1.0

References

CVE
CVE-2024-4305
URL
https://research.cleantalk.org/cve-2024-4305/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/
Verified
Yes
WPVDB ID
635be98d-4c17-4e75-871f-9794d85a2eb1

Timeline

Publicly Published
2024-05-27 (about 1 year ago)
Added
2024-05-27 (about 1 year ago)
Last Updated
2024-05-27 (about 1 year ago)

Other

Published
Title
Published
2022-12-28
Title
ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode
Published
2023-06-19
Title
EventPrime < 3.0.6 - Reflected Cross-Site Scripting
Published
2024-05-31
Title
Google CSE <= 1.0.7 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2016-03-23
Title
Anti-Malware Security & Brute-Force Firewall < 4.15.44 - XSS & CSRF
Published
2025-04-11
Title
Advanced Custom Fields: Link Picker Field <= 1.2.8 - Reflected Cross-Site Scripting