Popup Box < 3.7.9 – Admin+ Stored XSS | CVE 2023-5343 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Proof of Concept

1) Create a new popup via /wp-admin/admin.php?page=ays-pb&action=add
2) Set its "Custom content" and "Popup description" fields to the following: <script>alert(1);</script>
3) Save, and notice the alert box appearing when re-editing the popup, and visiting the website.

Affects Plugins

Fixed in 3.7.9

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Rafael Aristodimou

Submitter

Rafael Aristodimou

Verified

Yes

WPVDB ID

74613b38-48f2-43d5-bae5-25c89ba7db6e

Timeline

Publicly Published

2023-10-27 (about 6 months ago)

Added

2023-10-27 (about 6 months ago)

Last Updated

2024-01-02 (about 4 months ago)

Other

Published

Title

Published

2019-10-14

Title

WordPress <= 5.2.3 - Stored XSS in Style Tags

Published

2024-03-26

Title

Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting

Published

2022-04-25

Title

WPC Smart Wishlist for WooCommerce < 2.9.9 - Reflected Cross-Site Scripting

Published

2022-10-10

Title

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

Published

2021-08-24

Title

SMTP Mail < 1.2 - Reflected Cross-Site Scripting (XSS)