Testimonial Rotator <= 3.0.3 – Authenticated Stored Cross-Site Scripting | CVE 2021-24156

Description

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation

Edit (WPScanTeam):
The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited.

December 3rd, 2020 - Escalated to WP & WP Investigating
February 19th, 2021 - No Updates, disclosing

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

testimonial-rotator

No known fix

References

CVE

CVE-2021-24156

URL

https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.0 (high)

Miscellaneous

Original Researcher

Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)

Submitter

Nguyen Anh Tien

Submitter website

https://research.sun-asterisk.com/

Submitter twitter

vigov5

Verified

Yes

WPVDB ID

8b6f4a77-4008-4730-9a91-fa055a8b3e68

Timeline

Publicly Published

2021-02-19 (about 4 years ago)

Added

2021-02-19 (about 4 years ago)

Last Updated

2021-02-23 (about 4 years ago)

Other

Published

Title

Published

2024-05-15

Title

Happy Addons for Elementor Authenticated (Contributor+) Stored-XSS < 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar Widget

Published

2023-11-14

Title

Website Optimization – Plerdy < 1.3.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2015-05-05

Title

WordPress 4.1-4.2.1 - Unauthenticated Genericons Cross-Site Scripting (XSS)

Published

2024-10-29

Title

Subscribe to Comments < 2.3.1 - Reflected Cross-Site Scripting

Published

2024-10-23

Title

Contact Form 7 - Repeatable Fields < 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode