logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting

Description

The plugin suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.

Proof of Concept

Log on as an admin, create or edit a Form Field (wp-admin/admin.php?page=wpbdp_admin_formfields) and set the Field Label input with a payload such as <script>alert(/XSS/)</script>

XSS payloads execute:
- On the business directory page when adding a listing: /business-directory/?wpbdp_view=submit_listing
- On the Import/Export page: /wp-admin/admin.php?page=wpbdp_admin_csv
- When adding/editing a listing /wp-admin/post-new.php?post_type=wpbdp_listing
- On various Settings page, such as /wp-admin/admin.php?page=wpbdp_settings&tab=listings&subtab=listings%2Fsorting, /wp-admin/admin.php?page=wpbdp_settings&tab=listings&subtab=search_settings

Affects Plugins

business-directory-plugin

Fixed in version 5.11.2

References

CVE

CVE-2021-24250

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

0xB9

Submitter

0xB9

Submitter twitter

0xB9sec

Verified

Yes

WPVDB ID

e23bf712-d891-4df7-99cc-9ef64f19f685

Timeline

Publicly Published

2021-04-12 (about 3 months ago)

Added

2021-04-12 (about 3 months ago)

Last Updated

2021-04-14 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin