WordPress Plugin Vulnerabilities

GetResponse for WordPress < 5.5.32 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

[grwebform center='on' center_margin='100px;height:100px;background:red;" onmouseover="alert(1)"']

Affects Plugins

Plugin icon
getresponse-integration
Fixed in 5.5.32

References

CVE
CVE-2023-0167

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
fafbf666-b908-48ef-9041-fea653e9bfeb

Timeline

Publicly Published
2023-02-21 (about 9 months ago)
Added
2023-02-21 (about 9 months ago)
Last Updated
2023-06-22 (about 5 months ago)

Other

Published
Title
Published
2023-06-13
Title
Password Protected < 2.6.3 - Admin+ Stored XSS
Published
2015-08-24
Title
Portfolio Gallery <= 1.5.7 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2023-03-03
Title
Manage Upload Limit <= 1.0.4 - Reflected XSS
Published
2022-02-25
Title
Contact Form X < 2.4.1 - Reflected Cross-Site Scripting
Published
2022-05-09
Title
No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting