WordPress Plugin Vulnerabilities

Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting

Description

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation

Edit (WPScanTeam):
The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited.

December 3rd, 2020 - Escalated to WP & WP Investigating
February 19th, 2021 - No Updates, disclosing

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

testimonial-rotator

No known fix - plugin closed

References

CVE

CVE-2021-24156

URL

https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)

Submitter

Nguyen Anh Tien

Submitter website

https://research.sun-asterisk.com/

Submitter twitter

vigov5

Verified

Yes

WPVDB ID

8b6f4a77-4008-4730-9a91-fa055a8b3e68

Timeline

Publicly Published

2021-02-19 (about 2 years ago)

Added

2021-02-19 (about 2 years ago)

Last Updated

2021-02-23 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin