Swift Framework < 2024.0.0 – Contributor+ Stored XSS via Shortcode | CVE 2024-2697 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Proof of Concept

1. As a contributor, go to "Swift Slider > Add New Slide"
2. In the "Content > Caption Text" add the POC: `[spb_boxed_content element_name="red" title=""test" box_link="red"" box_link_target="self" el_class='red" onmouseover="alert(/XSScontrib5/)"' width='1/1' el_position="first last"]test content[/spb_boxed_content]`
3. When an admin approves the slide, the XSS will be seen.

Note: Other shortcodes throughout the plugin are vulnerable to the same issue.

Affects Plugins

socialdriver-framework

Fixed in 2024.0.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

c430b30d-61db-45f5-8499-91b491503b9c

Timeline

Publicly Published

2024-04-26 (about 2 months ago)

Added

2024-04-26 (about 1 months ago)

Last Updated

2024-04-26 (about 1 months ago)

Other

Published

Title

Published

2019-02-16

Title

Launcher: Coming Soon & Maintenance Mode <= 1.0.10 - Multiple Stored XSS

Published

2024-02-20

Title

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin < 3.4.2.5 - Reflected Cross-Site Scripting.

Published

2020-04-22

Title

Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS

Published

2023-08-14

Title

123.chat < 1.3.1 - Admin+ Stored XSS

Published

2020-01-19

Title

Elementor Page Builder < 2.8.4 - Cross-Site Scripting (XSS)