WordPress Plugin Vulnerabilities
Ivory Search < 4.5.11 - Authenticated Reflected Cross-Site Scripting (XSS)
Description
The setting page of Ivory Search 4.5.10 is vulnerable to reflected XSS when a logged in administrator visit a malicious link or page, as it does not sanitise or escape the GET post parameter before outputting it in a tag attribute
Proof of Concept
As an admin user, open: https://example.com/wp-admin/admin.php?page=ivory-search-new&tab=customize&post=a\"><script>alert(/XSS/)<%2Fscript> Video: https://mega.nz/file/3tVzzYgA#M6LIoYcnNJbMX6UU19mU7QKCLdNp7Ur0PPsrY8Mj3z0
Affects Plugins
Fixed in version 4.5.11
Classification
Miscellaneous
Original Researcher
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Submitter
Nguyen Anh Tien
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-02-01 (about 2 years ago)
Added
2021-02-01 (about 2 years ago)
Last Updated
2021-02-01 (about 2 years ago)