WordPress Plugin Vulnerabilities

WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

Proof of Concept

1. Login to WordPress as an Administrator
2. Install and Activate plugin "WP Customer Reviews"
3. Click on "Reviews > Plugin Settings > Review Form Settings"
4. Insert the XSS payload (my XSS payload: <img src=x onerror=alert(1)>) into any field at "Standard fields on reviews" or/and "Custom fields on reviews", then click on "Save Changes".
5. Go to any post where Reviews are enabled to trigger the XSS

Affects Plugins

Plugin icon
wp-customer-reviews
Fixed in 3.5.6

References

CVE
CVE-2021-24296
URL
https://plugins.trac.wordpress.org/changeset/2520157/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.5 (medium)

Miscellaneous

Original Researcher
Truoc Phan from Techlab Corporation
Submitter
Truoc Phan
Submitter website
https://www.facebook.com/292706121240740
Submitter twitter
truocphan
Verified
Yes
WPVDB ID
c450f54a-3372-49b2-8ad8-68d5cc0dd49e

Timeline

Publicly Published
2021-05-04 (about 3 years ago)
Added
2021-05-04 (about 3 years ago)
Last Updated
2021-05-05 (about 3 years ago)

Other

Published
Title
Published
2020-12-10
Title
Pagelayer < 1.3.5 - Multiple Reflected Cross-Site Scripting (XSS)
Published
2021-11-30
Title
LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting
Published
2024-03-21
Title
ColorMag < 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name
Published
2023-01-31
Title
Wufoo Shortcode < 1.52 - Contributor+ Stored XSS via Shortcode
Published
2022-10-27
Title
JetBackup < 1.6.9.1 - Admin+ Stored XSS