My Sticky Bar < 2.7.3 – Admin+ Stored XSS | CVE 2024-7133 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its settings before outputting them back in the page, which could allow users with a high role to perform Stored Cross-Site Scripting attacks.

Proof of Concept

Edit/create a Bar, intercept the request made when saving it, change mysticky_option_welcomebar%5Bmysticky_welcomebar_fontsize%5D field to 1123"dshf=+"";shfd="\";</style><img+src=x+onerror=alert(1)> and send it

The XSS will be triggered when editing the bar again

Affects Plugins

Fixed in 2.7.3

References

CVE

URL

https://research.cleantalk.org/cve-2024-7133/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Dmitrii Ignatyev

Submitter

Dmitrii Ignatyev

Submitter website

https://www.linkedin.com/in/dmitriy-ignatyev-8a9189267/

Verified

Yes

WPVDB ID

c81c1622-33d1-41f2-ba63-f06bd4c125ab

Timeline

Publicly Published

2024-08-23 (about 1 year ago)

Added

2024-08-23 (about 1 year ago)

Last Updated

2024-08-23 (about 1 year ago)

Other

Published

Title

Published

2025-01-16

Title

Predict When <= 1.3 - Reflected Cross-Site Scripting

Published

2024-06-21

Title

WP Secure Maintenance < 1.7 - Admin+ Stored XSS

Published

2024-10-31

Title

LH QR Codes <= 1.06 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-07-23

Title

Royal Elementor Addons and Templates < 1.3.981 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Magazine Grid/Slider Widget

Published

2024-04-16

Title

Knight Lab Timeline <= 3.9.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting