WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Simple Banner < 2.10.4 - Authenticated Stored XSS

Description

The plugin does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Simple Banner Text setting of the plugin: <img src onerror=alert(/XSS/)>

The XSS will be triggered in the plugin's settings, as well as any frontend page with the banner

Affects Plugins

simple-banner
Fixed in version 2.10.4

References

CVE
CVE-2021-24574
URL
https://plugins.trac.wordpress.org/changeset/2571047/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID
9adf7022-5108-43b7-bf0e-a42593185b74

Timeline

Publicly Published

2021-07-26 (about 10 months ago)

Added

2021-07-26 (about 10 months ago)

Last Updated

2021-08-10 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin