WordPress Plugin Vulnerabilities
WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)
Description
The editor of the plugin allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Ramuel Gall
Submitter
Ramuel Gall
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-03-17 (about 3 years ago)
Added
2021-03-18 (about 3 years ago)
Last Updated
2021-04-09 (about 3 years ago)