Table of Contents Plus < 2411.1 – Admin+ Stored XSS | CVE 2024-5578 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Proof of Concept

1. Create new post with two more heading. 
2. Go to the settings of the plugin, set the "Show when" to 2, tick the "Auto insert for the following content types" and change "Hide text" field to `&amp;lt;img src onerror=alert(/XSS/)&amp;gt;`
3. Save Settings and see the XSS when seeing the post created in Step 1.

Affects Plugins

table-of-contents-plus

Fixed in 2411.1

References

CVE

URL

https://research.cleantalk.org/cve-2024-5578/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

641e4fc3-4214-4c2e-8245-15e9dcdd37b4

Timeline

Publicly Published

2024-10-15 (about 1 year ago)

Added

2024-10-15 (about 1 year ago)

Last Updated

2025-02-28 (about 9 months ago)

Other

Published

Title

Published

2025-04-10

Title

Related Videos for JW Player <= 1.2.0 - Reflected Cross-Site Scripting

Published

2024-03-29

Title

Ultimate Addons for Beaver Builder – Lite < 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Separator Widget

Published

2024-12-11

Title

CSV to html < 3.15 - Reflected Cross-Site Scripting

Published

2025-04-01

Title

Donate Me <= 1.2.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2025-06-19

Title

Elementor Website Builder < 3.29.1 - Contributor+ Stored XSS