WordPress Plugin Vulnerabilities

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue.

Proof of Concept

1. Install WordPress 5.7.2
2. Install and activate Custom Book
3. Navigate to Tools >> Current Book and enter the XSS payload into the
Book and Author input field.
4. Click Update Options
5. You will observe that the payload successfully got stored into the
database and when you are triggering the same functionality at that time
JavaScript payload is executing successfully and we are getting a pop-up.


Screenshot: https://drive.google.com/folderview?id=1KGsxpWmWm8SbCO3aqBG-_A1UJhho2WhU

Affects Plugins

Plugin icon
current-book
No known fix

References

CVE
CVE-2021-24538
Exploitdb
50127

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.8 (low)

Miscellaneous

Original Researcher
Vikas Srivastava
Submitter
Vikas Srivastava
Submitter website
https://www.linkedin.com/in/007vikaxh
Submitter twitter
007vikaxh
Verified
Yes
WPVDB ID
f9911a43-0f4c-403f-9fca-7822eb693317

Timeline

Publicly Published
2021-07-14 (about 2 years ago)
Added
2021-07-17 (about 2 years ago)
Last Updated
2022-04-12 (about 1 years ago)

Other

Published
Title
Published
2023-04-24
Title
Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting
Published
2016-04-01
Title
Cerber Limit Login Attempts <= 2.0.1.6 - Unauthenticated Stored XSS
Published
2022-03-30
Title
Spam protection, AntiSpam, FireWall by CleanTalk < 5.174.1 - Reflected Cross-Site Scripting
Published
2023-11-10
Title
Welcart e-Commerce < 2.9.5 - Reflected XSS
Published
2022-04-13
Title
Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting