Storefront Footer Text <= 1.0.1 – Admin+ Stored Cross-Site Scripting | CVE 2021-24607 | Plugin Vulnerabilities

Description

The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.

Proof of Concept

(The plugin requires the Storefront theme)

Go to Appearance > Customize (/wp-admin/customize.php), open the Footer customisation and put the following payload in the Footer Credit Text: <script>alert(/XSS/)</script>

The XSS will be triggered in all frontend pages, and Customise admin panel as well

Affects Plugins

storefront-footer-text

No known fix

References

CVE

URL

https://www.hackpertise.com/cve/24/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

efa7d91a-447b-4fd8-aa21-5364b177fee9

Timeline

Publicly Published

2021-10-11 (about 4 years ago)

Added

2021-10-11 (about 4 years ago)

Last Updated

2023-04-12 (about 2 years ago)

Other

Published

Title

Published

2023-03-02

Title

Easy Testimonial Slider and Form < 1.0.16 - Reflected Cross-Site Scripting

Published

2024-12-30

Title

Arconix Shortcodes < 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-12-24

Title

MailPoet < 5.5.2 - Admin+ Stored XSS

Published

2024-05-31

Title

PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode <= 1.7 - Admin+ Stored XSS

Published

2024-02-29

Title

Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget