WordPress Plugin Vulnerabilities

Chaty Free < 2.8.3 & Pro < 2.8.2 - Reflected Cross-Site Scripting

Description

The plugins do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting

Proof of Concept

http://example.com/wp-admin/admin.php?page=chaty-contact-form-feed&search=%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%28/XSS/%29%3E

Affects Plugins

Plugin icon
chaty
Fixed in 2.8.3
Plugin icon
chaty-pro
Fixed in 2.8.2

References

CVE
CVE-2021-25016

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
b5035987-6227-4fc6-bc45-1e8016e5c4c0

Timeline

Publicly Published
2021-12-06 (about 2 years ago)
Added
2021-12-06 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)

Other

Published
Title
Published
2022-02-28
Title
SEO Plugin by Squirrly SEO < 11.1.12 - Reflected Cross-Site Scripting
Published
2019-09-27
Title
Zoner < 4.2 - Persistent XSS & IDOR
Published
2023-03-17
Title
Open RDW kenteken voertuiginformatie < 2.1.0 - Reflected XSS
Published
2023-05-22
Title
Contact Form Entries < 1.3.1 - Contributor+ Stored XSS
Published
2024-04-16
Title
Cornerstone < 0.8.1 - Reflected Cross-Site Scripting via PHP_SELF