WordPress Plugin Vulnerabilities

Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting

Description

The plugin does not property sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue.

Proof of Concept

Affects Plugins

Plugin icon
marmoset-viewer
Fixed in 1.9.3

References

CVE
CVE-2021-24495
URL
https://johnjhacking.com/blog/cve-2021-24495-improper-neutralization-of-input-during-web-page-generation-on-id-parameter-in-wordpress-marmoset-viewer-plugin-versions-1.9.3-leads-to-reflected-cross-site-scripting/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
John Jackson
Submitter
John Jackson
Submitter website
https://johnjhacking.com
Submitter twitter
johnjhacking
Verified
Yes
WPVDB ID
d11b79a3-f762-49ab-b7c8-3174624d7638

Timeline

Publicly Published
2021-07-06 (about 4 years ago)
Added
2021-07-12 (about 4 years ago)
Last Updated
2022-02-06 (about 3 years ago)

Other

Published
Title
Published
2024-05-07
Title
HT Mega – Absolute Addons For Elementor < 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify
Published
2021-08-03
Title
Availability Calendar < 1.2.2 - Authenticated Stored Cross-Site Scripting
Published
2023-03-03
Title
CPO Content Types < 1.1.1 - Admin+ Stored XSS
Published
2025-04-04
Title
Ni WooCommerce Cost Of Goods < 3.2.9 - Subscriber+ Stored XSS
Published
2014-04-25
Title
Game Tabs <= 0.4.0 - XSS