WordPress Plugin Vulnerabilities
Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
Description
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Proof of Concept
As a contributor, put the following shortcode in a post [simpleblogcard url="http://***.*/" color='red;" onmouseover="alert(/XSS/)"'] Other affected attributes: color, color_width, t_line_height, d_line_height
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-08-02 (about 9 months ago)
Added
2023-08-02 (about 9 months ago)
Last Updated
2023-08-22 (about 8 months ago)