Allow REL= and HTML in Author Bios <= .1- Author+ Stored Cross-Site Scripting | Plugin Vulnerabilities

Description

The plugin does not sanitise the allowed HTML in Bio, allowing user with a role as low as author to perform Cross-Site Scripting attack against users viewing their posts

Proof of Concept

As Author, put a JS payload such as <script>alert(/XSS/)</script> in your Biographical Info (via your Profile), then access any public posts made by your user to trigger the XSS

https://drive.google.com/file/d/12zId-3IdjicDalfN4ZnyHQ4yJYsbJDHz/view?usp=sharing

Affects Plugins

allow-rel-and-html-in-author-bios

No known fix

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Veshraj Ghimire

Submitter

Vess Razz

Submitter website

https://veshrajghimire.com.np

Submitter twitter

Verified

Yes

WPVDB ID

69e84d33-b88d-4d0f-9bf7-b9f87bead687

Timeline

Publicly Published

2021-09-21 (about 4 years ago)

Added

2021-09-21 (about 4 years ago)

Last Updated

2021-09-21 (about 4 years ago)

Other

Published

Title

Published

2023-01-17

Title

Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS

Published

2023-11-13

Title

Chaty < 3.1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

Published

2024-05-23

Title

Spectra < 2.13.1 - Author+ Stored XSS

Published

2024-08-12

Title

Houzez < 3.2.5 - Reflected Cross-Site Scripting

Published

2023-05-15

Title

Stop Spammers Security < 2023 - Reflected XSS