Easy Table < 1.7 – Admin+ Stored Cross-Site Scripting | CVE 2017-20108

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Put the following payload in any of the plugin's settings: "><script>alert(/XSS/)</script>

Affects Plugins

easy-table

Fixed in 1.7

References

CVE

CVE-2017-20108

URL

https://seclists.org/fulldisclosure/2017/Feb/24

URL

https://plugins.trac.wordpress.org/changeset/1597440/easy-table

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Manuel Garcia Cardenas

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

Yes

WPVDB ID

9bd72faa-3c8c-4f51-9c8a-c49f8f01adda

Timeline

Publicly Published

2017-02-14 (about 9 years ago)

Added

2017-02-20 (about 9 years ago)

Last Updated

2023-04-04 (about 2 years ago)

Other

Published

Title

Published

2024-07-08

Title

Genesis Blocks < 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sharing Block Attributes

Published

2025-01-16

Title

DN Sitemap Control <= 1.0.6 - Reflected Cross-Site Scripting

Published

2024-12-18

Title

Royal Elementor Addons < 1.7.1 - Contributor+ Stored XSS

Published

2024-03-25

Title

WPFront Notification Bar < 3.4 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2017-06-12

Title

Rsvp < 2.3.8 - XSS