Testimonial Rotator <= 3.0.3 – Authenticated Stored Cross-Site Scripting

Description

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation

Edit (WPScanTeam):
The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited.

December 3rd, 2020 - Escalated to WP & WP Investigating
February 19th, 2021 - No Updates, disclosing

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

testimonial-rotator

No known fix

References

CVE

CVE-2021-24156

URL

https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.0 (high)

Miscellaneous

Original Researcher

Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)

Submitter

Nguyen Anh Tien

Submitter website

https://research.sun-asterisk.com/

Submitter twitter

vigov5

Verified

Yes

WPVDB ID

8b6f4a77-4008-4730-9a91-fa055a8b3e68

Timeline

Publicly Published

2021-02-19 (about 2 years ago)

Added

2021-02-19 (about 2 years ago)

Last Updated

2021-02-23 (about 2 years ago)

Other

Published

Title

Published

2023-04-24

Title

Woocommerce Tip/Donation <= 1.2 - Shop Manager+ Stored XSS

Published

2023-11-03

Title

Post Sliders & Post Grids <= 1.0.20 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2021-11-14

Title

Contact Form Entries < 1.2.4 - Reflected Cross-Site Scripting

Published

2022-01-17

Title

MapPress Maps for WordPress < 2.73.4 - Reflected Cross-Site scripting

Published

2015-01-12

Title

Page Builder by SiteOrigin 2.0.3 - Reflected XSS