WordPress Plugin Vulnerabilities

PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS

Description

The plugin does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.

Proof of Concept

Put the following payload in the "php_id" field in the plugin's settings (/wp-admin/options-general.php?page=phtmanager): "><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
phonetrack-meu-site-manager
No known fix

References

CVE
CVE-2021-24534

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
ABISHEIK M
Submitter
ABISHEIK M
Submitter twitter
abisheikmagesh
Verified
Yes
WPVDB ID
b968b9a1-67f3-4bef-a3d3-6e8942bb6570

Timeline

Publicly Published
2021-07-19 (about 2 years ago)
Added
2021-07-19 (about 2 years ago)
Last Updated
2023-01-23 (about 1 years ago)

Other

Published
Title
Published
2020-02-21
Title
Chained Quiz < 1.1.9.1 - Authenticated Stored XSS
Published
2024-03-15
Title
ElementsKit Elementor addons < 3.0.6 - Contributor+ Stored XSS
Published
2024-05-01
Title
IDonate <= 1.9.0 - Admin+ Stored XSS
Published
2024-04-16
Title
HT Mega < 2.4.7 - Contributor+ Stored XSS via size
Published
2015-08-24
Title
Google Analyticator < 6.4.9.6 - Multiple Cross-Site Scripting (XSS)