WordPress Plugin Vulnerabilities

Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings

Description

Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Proof of Concept

1. In the "Enter the URL: field, add the XSS payload `<img src=x onerror=alert(1)>` and save
2. Payload will be executed upon reload.

Affects Plugins

Plugin icon
pretty-url
No known fix

References

CVE
CVE-2023-2009

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Shezad Master
Submitter
Shezad Master
Verified
Yes
WPVDB ID
f7988a18-ba9d-4ead-82c8-30ea8223846f

Timeline

Publicly Published
2023-04-18 (about 1 years ago)
Added
2023-04-18 (about 1 years ago)
Last Updated
2023-04-18 (about 1 years ago)

Other

Published
Title
Published
2024-04-15
Title
MF Gig Calendar <= 1.2.1 - Editor+ Stored XSS
Published
2023-10-31
Title
Login Screen Manager <= 3.5.2 - Stored XSS via CSRF
Published
2016-06-22
Title
WordPress File Monitor - Stored Cross-Site Scripting (XSS)
Published
2024-04-25
Title
The Plus Addons for Elementor < 5.5.0 - Contributor+ Stored Cross-Site Scripting via Countdown Widget
Published
2021-04-19
Title
Photo Gallery < 1.5.69 - Multiple Reflected Cross-Site Scripting (XSS)