WordPress Plugin Vulnerabilities

Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content

Description

The plugin does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

Proof of Concept

As a contributor or above, create a post using Brizy editor and:
- Add a Text Element then put the following payload: <SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
- Add an Embed Element and put the following payload as embed data: <script>alert("XSS")</script>

The XSS will be triggered when viewing/previewing the post (for example when an admin reviews it)

Affects Plugins

Plugin icon
brizy
Fixed in 2.4.2

References

CVE
CVE-2022-2041
URL
https://www.fortiguard.com/zeroday/FG-VD-21-110

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Vishnupriya ilango
Submitter
Vishnupriya ilango
Submitter website
https://www.fortiguard.com/zeroday
Verified
Yes
WPVDB ID
8edb11bc-9e8d-4a98-8538-aaff0f072109

Timeline

Publicly Published
2022-06-21 (about 1 years ago)
Added
2022-06-21 (about 1 years ago)
Last Updated
2023-03-27 (about 8 months ago)

Other

Published
Title
Published
2022-05-19
Title
Google Tag Manager for WordPress < 1.15.1 - Reflected Cross-Site Scripting
Published
2021-12-13
Title
Out of the Box < 1.20.3 - Reflected Cross-Site Scripting
Published
2023-11-21
Title
Perfmatters < 2.1.7 - Reflected Cross-Site Scripting
Published
2021-10-06
Title
Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting
Published
2023-03-13
Title
Solidres <= 0.9.4 - Multiple Reflected XSS