WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

Proof of Concept

1. Install WordPress 5.7.2
2. Install and activate Custom Book
3. Navigate to Tools &gt;&gt; Current Book and enter the XSS payload into the
Book and Author input field.
4. Click Update Options
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that time
JavaScript payload is executing successfully and we are getting a pop-up.


Screenshot: https://drive.google.com/folderview?id=1KGsxpWmWm8SbCO3aqBG-_A1UJhho2WhU

Affects Plugins

current-book
No known fix - plugin closed

References

CVE
CVE-2021-24538
ExploitDB
50127

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Vikas Srivastava

Submitter

Vikas Srivastava

Submitter website
https://www.linkedin.com/in/007vikaxh
Submitter twitter
007vikaxh
Verified

Yes

WPVDB ID
f9911a43-0f4c-403f-9fca-7822eb693317

Timeline

Publicly Published

2021-07-14 (about 1 years ago)

Added

2021-07-17 (about 1 years ago)

Last Updated

2022-04-12 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin