WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)

Description

The editor of the plugin allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.

Affects Plugins

wp-pagebuilder
Fixed in version 1.2.4

References

CVE
CVE-2021-24208
URL
https://www.themeum.com/wp-page-builder-updated-v1-2-4/
URL
https://www.wordfence.com/blog/2021/04/vulnerabilities-patched-in-wp-page-builder/

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter
ramuelgall
Verified

Yes

WPVDB ID
c20e243d-b0de-4ae5-9a0d-b9d02c9b8141

Timeline

Publicly Published

2021-03-17 (about 1 years ago)

Added

2021-03-18 (about 1 years ago)

Last Updated

2021-04-09 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin