WordPress Plugin Vulnerabilities

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

Description

The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor or above, create a post using Brizy editor and:
- Add a Text Element then put the following payload: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- Add an Embed Element and put the following payload as embed data: <script>alert("XSS")</script>

The XSS will be triggered when viewing/previewing the post (for example when an admin reviews it)

Affects Plugins

Plugin icon
brizy
Fixed in 2.4.2

References

CVE
CVE-2022-2041
URL
https://www.fortiguard.com/zeroday/FG-VD-21-110

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Vishnupriya ilango
Submitter
Vishnupriya ilango
Submitter website
https://www.fortiguard.com/zeroday
Verified
Yes
WPVDB ID
8edb11bc-9e8d-4a98-8538-aaff0f072109

Timeline

Publicly Published
2022-06-21 (about 1 years ago)
Added
2022-06-21 (about 1 years ago)
Last Updated
2023-03-27 (about 1 years ago)

Other

Published
Title
Published
2024-01-03
Title
Private Google Calendars < 20240106 - Contributor+ Stored XSS
Published
2023-12-04
Title
Guest Author < 2.4 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2023-09-25
Title
Booking Calendar < 9.7.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Published
2024-04-05
Title
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor < 3.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2014-10-13
Title
Smart Forms 2.1.0 - Cross-Site Scripting (XSS)