Simple Banner < 2.10.4 – Admin+ Stored XSS | CVE 2021-24574 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Simple Banner Text setting of the plugin: <img src onerror=alert(/XSS/)>

The XSS will be triggered in the plugin's settings, as well as any frontend page with the banner

Affects Plugins

Fixed in 2.10.4

References

CVE

URL

https://www.hackpertise.com/cve/2-cve-2021-24574/

URL

https://plugins.trac.wordpress.org/changeset/2571047/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

9adf7022-5108-43b7-bf0e-a42593185b74

Timeline

Publicly Published

2021-07-26 (about 4 years ago)

Added

2021-07-26 (about 4 years ago)

Last Updated

2023-04-12 (about 2 years ago)

Other

Published

Title

Published

2023-09-13

Title

Awesome Weather Widget for WordPress <= 3.0.2 - Contributor+ Stored XSS

Published

2015-08-13

Title

WP Job Manager < 1.23.8 - Reflected Cross-Site Scripting (XSS)

Published

2024-04-29

Title

AnnounceKit <= 2.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting

Published

2024-05-16

Title

Essential Blocks < 4.5.13 - Contributor+ Stored XSS

Published

2021-10-25

Title

Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting