Security Audit <= 1.0.0 – Admin+ Stored Cross Site Scripting | CVE 2021-24901 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Proof of Concept

Put the following payload in the Data ID setting of the plugin (/wp-admin/edit.php?post_type=tlsa_audit&page=tlsa_settings) and save them: "><img src=x onerror=confirm(/XSS/)>

Affects Plugins

titan-labs-security-audit

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Shweta Mahajan

Submitter

Shweta Mahajan

Verified

Yes

WPVDB ID

9c315404-b66a-448c-a3b7-367a37b53435

Timeline

Publicly Published

2021-11-15 (about 4 years ago)

Added

2022-01-26 (about 3 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2024-12-13

Title

The Permalinker < 1.9.0 - Contributor+ Stored XSS

Published

2024-05-22

Title

Advanced iFrame < 2024.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-03-21

Title

Easy Smooth Scroll Links < 2.23.1 - Admin+ Stored Cross-Site Scripting

Published

2025-01-16

Title

ntp-header-images <= 1.2 - Reflected Cross-Site Scripting

Published

2024-11-08

Title

ra_qrcode <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting