Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitise or encode the Title of the calendar entries when outputting them in the admin dashboard, leading to Stored XSS issue. Due to the lack of CSRF check, this can be exploited by a CSRF attack, making logged in administrators create malicious entries

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

larsens-calender

No known fix - plugin closed

References

CVE

CVE-2020-23762

URL

http://hidden-one.co.in/2021/04/09/cve-2020-23762-stored-xss-vulnerability-in-the-larsens-calender-plugin-version/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

TH3 HIDD3N 0N3

Verified

Yes

WPVDB ID

e8b176d1-6a19-4b34-9cae-a928e013f0cd

Timeline

Publicly Published

2021-04-09 (about 9 months ago)

Added

2021-04-10 (about 9 months ago)

Last Updated

2021-04-12 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin