Connections Business Directory < 10.4.3 – Admin+ Stored Cross-Site Scripting | CVE 2021-24794 | Plugin Vulnerabilities

Description

The plugin does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting when the unfiltered_html capability is disallowed.

Proof of Concept

Add an Entry (/wp-admin/admin.php?page=connections_add) and put the following payload in the Address Line fields: inval1d"><img src onerror=alert('xss')>

The XSS will be triggered when accessing Manage page (/wp-admin/admin.php?page=connections_manage)

Affects Plugins

Fixed in 10.4.3

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Huy Nguyen

Submitter

Huy Nguyen

Submitter website

https://www.linkedin.com/in/id-laladee/

Verified

Yes

WPVDB ID

651dc567-943e-4f57-8ec4-6eee466785f5

Timeline

Publicly Published

2021-09-28 (about 2 years ago)

Added

2021-09-28 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2014-08-01

Title

WP-Banners-Lite 1.4.0 - Cross-Site Scripting (XSS)

Published

2022-09-01

Title

Blossom Recipe Maker < 1.0.8 - Contributor+ Stored Cross-Site Scripting

Published

2023-10-17

Title

Media Library Assistant < 3.12 - Author+ Stored XSS

Published

2024-04-09

Title

Elementor Addons by Livemesh < 8.3.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via widget _id attribute

Published

2023-03-14

Title

Easy Event calendar <= 1.0 - Admin+ Stored XSS