WordPress Plugin Vulnerabilities

RapidExpCart <= 1.0 - Stored XSS via CSRF

Description

The plugin does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection means an attacker can trick a logged in admin to perform the attack by submitting a hidden form.

Proof of Concept

Affects Plugins

Plugin icon
rapidexpcart
No known fix

References

CVE
CVE-2023-0520

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.6 (critical)

Miscellaneous

Original Researcher
Shreya Pohekar
Submitter
Shreya Pohekar
Submitter website
https://shreyapohekar.com
Submitter twitter
shreyapohekar
Verified
Yes
WPVDB ID
be4f7ff9-af79-477b-9f47-e40e25a3558e

Timeline

Publicly Published
2023-04-19 (about 2 years ago)
Added
2023-04-19 (about 2 years ago)
Last Updated
2023-04-19 (about 2 years ago)

Other

Published
Title
Published
2025-09-29
Title
WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode
Published
2025-12-12
Title
Header Footer Script Adder – Insert Code in Header, Body & Footer < 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2019-04-23
Title
KingComposer - Authenticated Stored XSS
Published
2025-08-21
Title
Super Store Finder < 7.7 - Reflected Cross-Site Scripting
Published
2024-06-06
Title
HT Feed < 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting