WordPress Plugin Vulnerabilities

SupportCandy < 2.2.7 - Reflected Cross-Site Scripting

Description

The plugin does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Note: the ticket-creation page is the one with the [wpsc_create_ticket] shortcode embed

https://example.com/ticket-creation/?};alert(/XSS/)//=1

Affects Plugins

Plugin icon
supportcandy
Fixed in 2.2.7

References

CVE
CVE-2021-24878

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
d2f1fd60-5e5e-4e38-9559-ba2d14ae37bf

Timeline

Publicly Published
2022-01-05 (about 1 years ago)
Added
2022-01-05 (about 1 years ago)
Last Updated
2022-04-08 (about 1 years ago)

Other

Published
Title
Published
2023-05-23
Title
Ultimate Dashboard < 3.7.6 - Admin+ Stored XSS
Published
2023-01-23
Title
Lightweight Accordion < 1.5.15 - Contributor+ Stored XSS
Published
2022-01-14
Title
WHMCS Bridge < 6.3 - Subscriber+ Stored Cross-Site Scripting
Published
2020-08-31
Title
Ceceppa Multilingua <= 1.5.17 - Authenticated Reflected Cross-Site Scripting
Published
2023-08-23
Title
Block Referer Spam < 1.1.9.5 - Admin+ Stored XSS