WordPress Plugin Vulnerabilities

iPages Flipbook For WordPress < 1.4.7 - Contributor+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

1. Create a new book item (with whatever role, even if it's an Administrator).

2. Connect to a user with a role as low as Contributor+ and create a new post.

3. Insert the following shortcode in a post: [ipages id='1' class='XSS" onmouseover="alert(1)']

4. Hover over the book inserted by going to the post, the alert triggers successfully.

Affects Plugins

Plugin icon
ipages-flipbook
Fixed in 1.4.7

References

CVE
CVE-2022-4394

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
8edbdea1-f9bb-407a-bcd1-fff3e146984c

Timeline

Publicly Published
2022-12-16 (about 1 years ago)
Added
2022-12-16 (about 1 years ago)
Last Updated
2022-12-23 (about 1 years ago)

Other

Published
Title
Published
2016-02-24
Title
WP Ultimate Exporter 1.0.0 - Reflected Cross-Site Scripting (XSS)
Published
2019-12-31
Title
Donorbox 7.1~7.1.1 - Stored Cross-Site Scripting via Shortcode
Published
2023-04-01
Title
Weaver Show Posts < 1.7 - Contributor+ Stored Cross-Site Scripting
Published
2024-04-17
Title
EAN for WooCommerce < 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode
Published
2021-08-24
Title
SMTP Mail < 1.2 - Reflected Cross-Site Scripting (XSS)