WordPress Plugin Vulnerabilities

Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scriping

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Create a New Pricing Table and Add a pricing plan.
2. Add the following malicious XSS payload in the "Short description" parameter.
XSS payload: `"><scri<script>pt>alert(1)</scri</script>pt>`
3. Save the Pricing table and click the Instant preview button to see the XSS.

Affects Plugins

Plugin icon
dk-pricr-responsive-pricing-table
Fixed in 5.1.8

References

CVE
CVE-2023-4810
URL
https://portswigger.net/web-security/cross-site-scripting/stored

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Vaishnav Rajeevan
Submitter
Vaishnav Rajeevan
Submitter website
https://twitter.com/vaishnavrajeev6
Submitter twitter
vaishnavrajeev6
Verified
Yes
WPVDB ID
dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a

Timeline

Publicly Published
2023-10-16 (about 6 months ago)
Added
2023-10-16 (about 6 months ago)
Last Updated
2023-10-16 (about 6 months ago)

Other

Published
Title
Published
2021-12-28
Title
Dynamic Widgets < 1.6 - Reflected Cross-Site Scripting
Published
2019-05-08
Title
Custom Field Suite <= 2.5.14 - Authenticated Cross-Site Scripting (XSS)
Published
2023-02-20
Title
Shipyaari Shipping Management <= 1.0 - Admin+ Stored XSS
Published
2020-09-09
Title
Asset CleanUp: Page Speed Booster < 1.3.6.7 - CSRF & XSS
Published
2023-12-19
Title
Currency Converter Widget < 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode