WordPress Plugin Vulnerabilities
Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting
Description
The plugin does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Proof of Concept
Tick the "Enable Highlight" setting of the plugin, and put the following payload in the CustomCSS setting as well: </style><script>alert(/XSS-aaa/)</script> Then visit the homepage to trigger the XSS https://github.com/xiahao90/CVEproject/blob/main/wordpress_Highlight_XSS.md
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
xiahao@webray.com.cn inc
Submitter
xiahao@webray.com.cn inc
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-06 (about 2 years ago)
Added
2021-08-06 (about 2 years ago)
Last Updated
2022-02-24 (about 2 years ago)