WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in the "Try to increase the memory limit to" settings of the plugin: <script>alert(/XSS/)</script>

The XSS will be triggered when accessing the Debug Function, e.g: https://example.com/wp-admin/options-general.php?page=google-sitemap-generator%2Fsitemap.php&sm_rebuild=true&sm_do_debug=true&_wpnonce=3e59e7544a

Affects Plugins

google-sitemap-generator
Fixed in version 4.1.3

References

CVE
CVE-2021-25088

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website
https://blog.szfszf.top
Submitter twitter
JrXnm
Verified

Yes

WPVDB ID
820c51d6-186e-4d63-b4a7-bd0a59c02cc8

Timeline

Publicly Published

2022-05-30 (about 4 months ago)

Added

2022-05-30 (about 4 months ago)

Last Updated

2022-09-26 (about 2 days ago)

Our Other Services

WPScan WordPress Security Plugin