WordPress Plugin Vulnerabilities

WP Post Popup <= 3.7.3 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Enter the following payload in the Close Button field in the plugin settings.

`<img src=s onerror=alert("XSS")>`

Save the settings and visit the homepage to see the XSS.

Affects Plugins

Plugin icon
wp-post-modal
No known fix

References

CVE
CVE-2023-4808

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Abhijith A
Submitter
Abhijith A
Submitter website
https://www.linkedin.com/in/abhijith-a-2020/
Submitter twitter
5t3v3_abhi
Verified
Yes
WPVDB ID
bb8e9f06-477b-4da3-b5a6-4f06084ecd57

Timeline

Publicly Published
2023-10-27 (about 6 months ago)
Added
2023-10-27 (about 6 months ago)
Last Updated
2023-10-27 (about 6 months ago)

Other

Published
Title
Published
2022-08-30
Title
Add User Role <= 0.0.1 - Admin+ Stored Cross-Site Scripting
Published
2020-11-12
Title
BA Book Everything < 1.3.25 - Unauthenticated Reflected XSS & XFS
Published
2023-08-02
Title
Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
Published
2021-01-12
Title
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting
Published
2019-03-13
Title
WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)