WordPress Plugin Vulnerabilities

Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scriping

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Create a New Pricing Table and Add a pricing plan.
2. Add the following malicious XSS payload in the "Short description" parameter.
XSS payload: `"><scri<script>pt>alert(1)</scri</script>pt>`
3. Save the Pricing table and click the Instant preview button to see the XSS.

Affects Plugins

Plugin icon
dk-pricr-responsive-pricing-table
Fixed in 5.1.8

References

CVE
CVE-2023-4810
URL
https://portswigger.net/web-security/cross-site-scripting/stored

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Vaishnav Rajeevan
Submitter
Vaishnav Rajeevan
Submitter website
https://twitter.com/vaishnavrajeev6
Submitter twitter
vaishnavrajeev6
Verified
Yes
WPVDB ID
dfde5436-dd5c-4c70-a9c2-3cb85cc99c0a

Timeline

Publicly Published
2023-10-16 (about 1 months ago)
Added
2023-10-16 (about 1 months ago)
Last Updated
2023-10-16 (about 1 months ago)

Other

Published
Title
Published
2023-11-07
Title
Products, Order & Customers Export for WooCommerce <= 2.0.7 - Reflected XSS
Published
2023-01-11
Title
Vimeo Video Autoplay Automute <= 1.0 - Contributor+ Stored XSS
Published
2022-08-29
Title
Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting
Published
2023-04-28
Title
CM On Demand Search And Replace < 1.3.1 - Admin+ Stored XSS
Published
2022-07-18
Title
mTouch Quiz <= 3.1.3 - Admin+ Stored Cross Site Scripting