Print-O-Matic < 2.0.3 – Admin+ Stored Cross-Site Scripting | CVE 2021-24710 | Plugin Vulnerabilities

Description

The plugin does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the "Pause Before Print" settings of the plugin:

- v < 2.0.1 - "><script>alert(/XSS/)</script>
- v < 2.0.3 - " style=animation-name:rotation onanimationstart=alert(/XSS/)//

The XSS will be triggered when viewing the plugin's settings

Affects Plugins

Fixed in 2.0.3

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2610060/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Zain Ahmed

Submitter

Zain Ahmed

Verified

Yes

WPVDB ID

84e83d52-f69a-4de2-80c8-7c1996b30a04

Timeline

Publicly Published

2021-10-11 (about 4 years ago)

Added

2021-10-11 (about 4 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2024-11-15

Title

Bounce Handler MailPoet 3 <= 1.3.21 - Reflected Cross-Site Scripting

Published

2024-11-22

Title

Post Hits Counter <= 2.8.23 - Reflected Cross-Site Scripting

Published

2023-08-10

Title

Contact Form Generator < 2.6.0 - Reflected XSS

Published

2023-05-15

Title

WP SMS < 6.1.5 - Reflected XSS

Published

2025-03-31

Title

WP Date and Time Shortcode < 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting