WordPress Plugin Vulnerabilities

Store Locator WordPress < 1.4.13 - Reflected XSS

Description

The plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open the URL below

https://example.com/wp-admin/admin-ajax.php?action=asl_ajax_handler&asl-nounce=<img src onerror=alert`XSS`>

Affects Plugins

Plugin icon
agile-store-locator
Fixed in 1.4.13

References

CVE
CVE-2023-4151

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
tnt24
Submitter
tnt24
Verified
Yes
WPVDB ID
c9d80aa4-a26d-4b3f-b7bf-9d2fb0560d7b

Timeline

Publicly Published
2023-08-10 (about 3 months ago)
Added
2023-08-10 (about 3 months ago)
Last Updated
2023-08-10 (about 3 months ago)

Other

Published
Title
Published
2018-01-11
Title
SrbTransLatin <= 1.46 - Stored XSS & CSRF
Published
2021-12-30
Title
Link Library < 7.2.9 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Events Calendar - wp-admin/admin.php EC_id Parameter XSS
Published
2018-05-15
Title
WP Live Chat Support < 8.0.08 - Cross-Site Scripting (XSS)
Published
2021-06-21
Title
Browser Screenshots < 1.7.6 - Contributor+ Stored XSS