WordPress Plugin Vulnerabilities
Browser Screenshots < 1.7.6 - Contributor+ Stored XSS
Description
The plugin allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.
Proof of Concept
Add the following shortcode in a page, then view the page (either published or as preview to trigger the XSS): [browser-shot url="https://example.com" image_class='" onload="alert(origin)']
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-21 (about 2 years ago)
Added
2021-06-21 (about 2 years ago)
Last Updated
2021-06-25 (about 2 years ago)