WordPress Plugin Vulnerabilities

URL Shortify < 1.7.9.1 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Multiple parameters in the plugin's settings are vulnerable to cross-site scripting.

Links -> Edit Link
- "Short URL" payload: `9onp" onmouseover=alert(3) abc="`
- "Title" payload: `KaizenCoders" onmouseover=alert(1) abc="`

Groups -> Edit Group
- "Name" payload: `title" onmouseover=alert(2) abc="`

Affects Plugins

Plugin icon
url-shortify
Fixed in 1.7.9.1

References

CVE
CVE-2023-5605

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Bartlomiej Marek and Tomasz Swiadek
Submitter
Bartlomiej Marek
Verified
Yes
WPVDB ID
9ec03ef0-0c04-4517-b761-df87af722a64

Timeline

Publicly Published
2023-10-16 (about 7 months ago)
Added
2023-10-16 (about 6 months ago)
Last Updated
2023-12-04 (about 5 months ago)

Other

Published
Title
Published
2014-08-01
Title
DZS Video Gallery - deploy/preview.swf logoLink Parameter Reflected XSS
Published
2021-08-03
Title
Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting
Published
2024-03-15
Title
Survey Maker < 4.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-05-01
Title
LA-Studio Element Kit for Elementor < 1.3.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via LaStudioKit Post Author Widget
Published
2021-10-04
Title
BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting