WordPress Plugin Vulnerabilities

myCred < 2.4 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

https://example.com/wp-admin/users.php?page=mycred_default-history&s=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E

Affects Plugins

Plugin icon
mycred
Fixed in 2.4

References

CVE
CVE-2021-25015
URL
https://plugins.trac.wordpress.org/changeset/2648350/mycred

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
7608829d-2820-49e2-a10e-e93eb3005f68

Timeline

Publicly Published
2021-12-27 (about 2 years ago)
Added
2021-12-27 (about 2 years ago)
Last Updated
2022-04-09 (about 2 years ago)

Other

Published
Title
Published
2022-03-15
Title
Super Socializer < 7.13.30 - Reflected Cross-Site Scripting
Published
2022-07-18
Title
Google Maps Anywhere <= 1.2.6.3 - Admin+ Stored Cross-Site Scripting
Published
2024-04-16
Title
Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-09-12
Title
Add Shortcodes Actions And Filters <= 2.10 - Admin+ Stored XSS
Published
2021-06-30
Title
WP SMS < 5.4.9.1 - Reflected Cross-Site Scripting (XSS)