Current Book <= 1.0.1 – Authenticated Stored Cross-Site Scripting (XSS) | CVE 2021-24538 | Plugin Vulnerabilities

Description

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

Proof of Concept

1. Install WordPress 5.7.2
2. Install and activate Custom Book
3. Navigate to Tools >> Current Book and enter the XSS payload into the
Book and Author input field.
4. Click Update Options
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that time
JavaScript payload is executing successfully and we are getting a pop-up.


Screenshot: https://drive.google.com/folderview?id=1KGsxpWmWm8SbCO3aqBG-_A1UJhho2WhU

Affects Plugins

No known fix

References

CVE

Exploitdb

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Vikas Srivastava

Submitter

Vikas Srivastava

Submitter website

https://www.linkedin.com/in/007vikaxh

Submitter twitter

Verified

Yes

WPVDB ID

f9911a43-0f4c-403f-9fca-7822eb693317

Timeline

Publicly Published

2021-07-14 (about 2 years ago)

Added

2021-07-17 (about 2 years ago)

Last Updated

2022-04-12 (about 2 years ago)

Other

Published

Title

Published

2014-09-22

Title

Wu-Rating 1.0 - wu-ratepost.php v Parameter Reflected XSS

Published

2014-08-01

Title

A Forms 1.4.0 - a-forms.php add_field_to_section Function Multiple Parameter XSS

Published

2024-03-21

Title

Page Builder: Pagelayer – Drag and Drop website builder < 1.8.5 - Contributor+ Stored XSS

Published

2023-05-18

Title

Jazz Popups <= 1.8.7 - Unauthenticated Reflected Cross-Site Scripting

Published

2022-12-27

Title

Pardakht Delkhah < 2.9.3 - Unauthenticated Stored XSS