Simply Excerpts <= 1.4 – Admin+ Stored XSS | CVE 2023-5137

Description

The plugin does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).

Proof of Concept

Put the following payload in the "Read more text" setting of the plugin and save: 1"><img src=1 onerror=alert(/xss/)>

Affects Plugins

simply-excerpts

No known fix

References

CVE

CVE-2023-5137

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

niclo

Submitter

niclo

Verified

Yes

WPVDB ID

79b79e9c-ea4f-4188-a1b5-61dda0b5d434

Timeline

Publicly Published

2023-11-13 (about 6 months ago)

Added

2023-11-13 (about 6 months ago)

Last Updated

2023-11-13 (about 6 months ago)

Other

Published

Title

Published

2017-11-23

Title

amtyThumb posts 8.1.3 - Unauthenticated Cross-Site Scripting (XSS)

Published

2022-09-26

Title

Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting

Published

2016-04-12

Title

S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2021-05-31

Title

Admin Columns Free (< 4.3.2) & Pro (< 5.5.2) - Authenticated Stored Cross-Site Scripting (XSS) in Custom Field

Published

2024-05-15

Title

Post and Page Builder by BoldGrid – Visual Drag and Drop Editor < 1.26.5 - Authenticated (Contributer+) Stored Cross-Site Scripting