WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

Proof of Concept

(The classic editor plugin is needed to see the sub-title field)

- Create a post as contributor+
- Add the following payload in the sub-title field: <script>alert(/XSS/)</script>
- View/preview the post to trigger the XSS

Affects Plugins

add-subtitle
No known fix - plugin closed

References

CVE
CVE-2021-24897

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Francesco Carlucci

Submitter

Francesco Carlucci

Submitter website
http://carluc.ci
Submitter twitter
francecarlucci
Verified

Yes

WPVDB ID
a0dd1da8-f8d2-453d-a2f2-711a49fb6466

Timeline

Publicly Published

2022-01-26 (about 8 months ago)

Added

2022-02-15 (about 7 months ago)

Last Updated

2022-04-08 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin