Related Posts for WordPress < 2.0.4 – Authenticated Reflected Cross-Site Scripting (XSS) | CVE 2021-24180 | Plugin Vulnerabilities

Description

Unvalidated input and lack of output encoding within the plugin lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL.

Proof of Concept

/wp-admin/post.php?post=1&action=edit&lang='><script>alert(/XSS/)</script>

Root causes: classes/meta-boxes/class-meta-box-manage.php:69

if ( isset( $_GET['lang'] ) ) {
  $url .= "&amp;lang=" . $_GET['lang'];
}

echo "<span id='view-post-btn'>";
echo "<a href='" . $url . "' class='button button-primary'>";
_e( 'Add Related Posts', 'related-posts-for-wp' );

Affects Plugins

related-posts-for-wp

Fixed in 2.0.4

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)

Submitter

Nguyen Anh Tien

Submitter website

https://research.sun-asterisk.com/

Submitter twitter

Verified

Yes

WPVDB ID

7593d5c8-cbc2-4469-b36b-5d4fb6d49718

Timeline

Publicly Published

2021-03-15 (about 4 years ago)

Added

2021-03-15 (about 4 years ago)

Last Updated

2021-03-20 (about 4 years ago)

Other

Published

Title

Published

2025-01-17

Title

Picture Gallery – Frontend Image Uploads, AJAX Photo List < 1.5.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode

Published

2024-07-06

Title

Social Media & Share Icons < 2.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2025-01-30

Title

WPRadio – WordPress Radio Streaming Plugin < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-08-01

Title

WooCommerce PDF Vouchers < 4.9.5 - Reflected Cross-Site Scripting

Published

2022-07-18

Title

Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting