WordPress Plugin Vulnerabilities
WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site
Description
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Proof of Concept
Navigate to Setting » add the payload: "><img src=x onerror=confirm(document.domain)>, into "Content Width & Gutter" to trigger the popup.
Affects Plugins
No known fix - plugin closed
References
Classification
Miscellaneous
Original Researcher
Vaibhav Koli
Submitter
Vaibhav Koli
Submitter website
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2022-11-10 (about 6 months ago)
Added
2022-11-10 (about 6 months ago)
Last Updated
2022-11-10 (about 6 months ago)