WordPress Plugin Vulnerabilities

WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. Click Simple Table Manager then "Export CSV" after selecting and saving a table in  "Settings" tab. 
2. Put the following in CSV file name then click Save: "><img src=1 onerror=alert(/xss/)>
3. An alert will load, and it will trigger each time an admin navigates to those settings.

Affects Plugins

Plugin icon
simple-table-manager
No known fix

References

CVE
CVE-2023-4858
URL
https://github.com/nightcloudos/bug_report/blob/main/vendors/poc2.md

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
niclo
Submitter
niclo
Verified
Yes
WPVDB ID
ef8029e0-9282-401a-a77d-10b6656adaa6

Timeline

Publicly Published
2023-10-16 (about 1 months ago)
Added
2023-10-16 (about 1 months ago)
Last Updated
2023-10-16 (about 1 months ago)

Other

Published
Title
Published
2017-02-07
Title
XO Security < 1.5.3 - XSS
Published
2023-04-19
Title
Continuous announcement scroller <= 13.0 - Admin+ Stored XSS
Published
2022-08-29
Title
Beaver Builder < 2.5.5.3 - Authenticated Stored XSS via Image URL
Published
2014-08-01
Title
PDF And Print Button Joliprint <= 1.3.0 - Cross Site Scripting
Published
2023-02-15
Title
Inline Tweet Sharer < 2.6 - Admin+ Stored XSS