WordPress Plugin Vulnerabilities

Awesome Support < 6.1.5 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Proof of Concept

Visit the following URL as an admin user, with any valid ticket ID. Press the access key combination to trigger XSS (e.g. Ctrl+Alt+X on Firefox on MacOS).

https://example.com/wp-admin/post.php?post=TICKET_ID%22+accessKey%3DX+onclick%3Dalert%28%2Fxss%2F%29+%22&action=edit

Affects Plugins

Plugin icon
awesome-support
Fixed in 6.1.5

References

CVE
CVE-2023-5354

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Alex Sanford
Submitter
Alex Sanford
Submitter website
https://wpscan.com
Verified
Yes
WPVDB ID
aa380524-031d-4e49-9d0b-96e62d54557f

Timeline

Publicly Published
2023-10-16 (about 1 months ago)
Added
2023-10-16 (about 1 months ago)
Last Updated
2023-10-17 (about 1 months ago)

Other

Published
Title
Published
2020-09-22
Title
Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content
Published
2021-11-15
Title
Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
Published
2020-09-10
Title
Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing
Published
2021-08-02
Title
WP LMS < 1.1.5 - Unauthenticated Arbitrary User Field Edition/Creation
Published
2021-10-13
Title
Brizy 1.0.127 - 2.3.11 - Incorrect Authorization to Post Modification