How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Proof of Concept

Create a new category via the plugin (/wp-admin/admin.php?page=owaccategory), add the following payload in the Name field: <script>alert(/XSS/)</script>, then view a page/post where the  associated Category Shortcode is embed

Affects Plugins

availability-calendar

Fixed in version 1.2.2

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

[email protected] inc

Submitter

[email protected] inc

Submitter twitter

lAmn9V6MU9Dfb8p

Verified

Yes

WPVDB ID

d084c5b1-45f1-4e7e-b3e9-3c98ae4bce9c

Timeline

Publicly Published

2021-08-03 (about 1 years ago)

Added

2021-08-19 (about 1 years ago)

Last Updated

2022-04-09 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin