WP Mapa Politico Espana < 3.7.0 – Authenticated Stored Cross-Site Scripting | CVE 2021-24609

Description

The plugin does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Proof of Concept

Put the following payload in any of the Maps > Zona setting fields (such as A Coruna): "><script>alert(/XSS/)</script>

Affects Plugins

wp-mapa-politico-spain

Fixed in 3.7.0

References

CVE

CVE-2021-24609

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

xiahao@webray.com.cn inc

Submitter

xiahao@webray.com.cn inc

Submitter twitter

lAmn9V6MU9Dfb8p

Verified

Yes

WPVDB ID

8b639743-3eb5-4f74-a156-76cb657bbe05

Timeline

Publicly Published

2021-08-05 (about 2 years ago)

Added

2021-08-19 (about 2 years ago)

Last Updated

2022-03-07 (about 2 years ago)

Other

Published

Title

Published

2022-12-27

Title

Page-list < 5.3 - Contributor+ Stored XSS

Published

2014-08-01

Title

Group Documents 1.2 - File Uploading Multiple Parameter Stored XSS

Published

2014-08-01

Title

DZS Video Gallery - deploy/preview.swf logoLink Parameter Reflected XSS

Published

2019-05-13

Title

Photo Gallery by 10Web <= 1.5.22 - Authenticated XSS

Published

2024-02-26

Title

Orbit Fox by ThemeIsle < 2.10.31 - Contributor+ Stored XSS via Form Widget