WordPress Plugin Vulnerabilities
WP Custom Cursors <= 3.3 - Admin+ Stored XSS
Description
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Proof of Concept
1. Add a new custom cursor. 2. Under "Hover Options" select "Snap" and for the "Background Color" add the payload: "><script>alert("xss")</script> 3. Save and see the XSS pop-up. Before version v3.3, use the following steps: 1. Add a new custom cursor 2. Under "Hover Options" select "Shape" and for the "Background Color" add the payload: " style=animation-name:rotation onanimationstart=alert(/XSS/)// 3. Save and when you go through the process to edit the code, you will see the XSS pop-up
Affects Plugins
References
CVE
YouTube Video
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
David Suho Lee
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-10-07 (about 7 months ago)
Added
2023-12-18 (about 4 months ago)
Last Updated
2024-02-21 (about 2 months ago)