Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings before outputting them in attributes, which could lead to Stored Cross-Site Scripting issues.

Proof of Concept

Put the following payload in the "Folder for new files" and "Maximum size of uploaded file" settings of the plugin: "><script>alert(/XSS/)</script>

Affects Plugins

shared-files

Fixed in version 1.6.57✓

References

CVE

CVE-2021-24736

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Shivam Rai

Submitter

Shivam Rai

Submitter twitter

shivam24rai

Verified

Yes

WPVDB ID

d72275bd-0c66-4b2a-940d-d5256b5426cc

Timeline

Publicly Published

2021-09-15 (about 4 months ago)

Added

2021-09-15 (about 4 months ago)

Last Updated

2021-09-15 (about 4 months ago)

Our Other Services

WPScan WordPress Security Plugin