WordPress Plugin Vulnerabilities
Business Directory Plugin < 5.11.2 - Authenticated Stored Cross-Site Scripting
Description
The plugin suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin.
Proof of Concept
Log on as an admin, create or edit a Form Field (wp-admin/admin.php?page=wpbdp_admin_formfields) and set the Field Label input with a payload such as <script>alert(/XSS/)</script> XSS payloads execute: - On the business directory page when adding a listing: /business-directory/?wpbdp_view=submit_listing - On the Import/Export page: /wp-admin/admin.php?page=wpbdp_admin_csv - When adding/editing a listing /wp-admin/post-new.php?post_type=wpbdp_listing - On various Settings page, such as /wp-admin/admin.php?page=wpbdp_settings&tab=listings&subtab=listings%2Fsorting, /wp-admin/admin.php?page=wpbdp_settings&tab=listings&subtab=search_settings
Affects Plugins
Fixed in version 5.11.2
References
Classification
Miscellaneous
Original Researcher
0xB9
Submitter
0xB9
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2021-04-12 (about 1 years ago)
Added
2021-04-12 (about 1 years ago)
Last Updated
2021-04-14 (about 1 years ago)