easy-table-of-contents < 2.0.68 – Editor+ Stored XSS | CVE 2024-7082 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.

Proof of Concept

Go to the widgets of the plugin and change "Title" field to "Malicious JS code eval() and etc. For example 123" onmouseover=alert(1)// -> Save Settings (Admins and editors are allowed to use JS in posts/pages/comments/etc, so the unfiltered_html capability should be disallowed when testing for Stored XSS using such roles)

Affects Plugins

easy-table-of-contents

Fixed in 2.0.68

References

CVE

URL

https://research.cleantalk.org/cve-2024-7082/

YouTube Video

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

8f30e685-00fa-4dbb-b516-2d14e4b13697

Timeline

Publicly Published

2024-07-16 (about 1 year ago)

Added

2024-07-31 (about 1 year ago)

Last Updated

2024-09-10 (about 1 year ago)

Other

Published

Title

Published

2025-06-19

Title

Automatically Hierarchic Categories in Menu < 2.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2014-08-01

Title

Quick Contact Form 6.2 - Unspecified XSS

Published

2023-07-17

Title

WPBulky < 1.0.10 - Contributor+ Stored Cross-Site Scripting

Published

2024-11-08

Title

Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2025-03-21

Title

Secure Invites <= 1.3 - Reflected Cross-Site Scripting