WordPress Plugin Vulnerabilities
Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Description
Stored Cross-Site Scripting vulnerabilities in Themify Portfolio Post <= 1.1.5 allow low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML into posts where the Themify Custom Panel is embedded.
Proof of Concept
1. As a contributor, go to the "Portfolios" tab in the sidebar and create a new portfolio.
2. In the Themify Custom Panel section, enter an XSS vector in the following fields:
   - Date
   - Client
   - Services
   - Link to Launch
   Example: <img src=x onerror=alert(origin)>
3. Publish/Send for review and visit the created post/preview as an editor/admin to trigger the XSS.
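An added example, not part of the original advisory or the plugin's code: a Python audit that checks stored values of the four Custom Panel fields for HTML tags and event-handler attributes, and shows the escaped form a template should emit. The field keys, function names and sample rows are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical keys for the advisory's four fields (real meta keys are not on the page).
TEXT_FIELDS = ("date", "client", "services")
URL_FIELD = "link_to_launch"

# Constructed sample rows: one clean post, one holding the advisory's example vector.
SAMPLE_POSTS = {
    101: {"date": "2020-11-30", "client": "Acme", "services": "Design",
          "link_to_launch": "https://example.com/launch"},
    102: {"date": "2020-12-01", "client": "<img src=x onerror=alert(origin)>",
          "services": "Design", "link_to_launch": "https://example.com/"},
}

class MarkupFinder(HTMLParser):
    """Collects each start tag with any on* event-handler attribute names."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [n for n, _ in attrs if n.startswith("on")]))

def audit_value(field, value):
    """Return findings for one stored value; plain text yields an empty list."""
    finder = MarkupFinder()
    finder.feed(value)
    finder.close()
    findings = [f"<{t}> tag" + (f" with {', '.join(h)}" if h else "")
                for t, h in finder.tags]
    scheme = urlparse(value.strip()).scheme.lower()
    if field == URL_FIELD and value.strip() and scheme not in ("http", "https"):
        findings.append("missing or non-http(s) URL scheme")
    return findings

def audit_all(posts):
    """Map post id -> {field: findings} for posts with at least one finding."""
    report = {}
    for post_id, meta in posts.items():
        hits = {f: audit_value(f, meta.get(f, "")) for f in TEXT_FIELDS + (URL_FIELD,)}
        hits = {f: r for f, r in hits.items() if r}
        if hits:
            report[post_id] = hits
    return report

def render_safe(value):
    """Escape a field for an HTML text or quoted-attribute context."""
    return escape(value, quote=True)
```

In WordPress templates the counterpart of `render_safe` is `esc_html()` or `esc_attr()`, with `esc_url()` for the link field.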
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Submitter
Nguyen Anh Tien
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2020-12-04
Added
2020-12-04
Last Updated
2021-01-22