Colibri Page Builder < 1.0.240 – Contributor+ Stored XSS | CVE 2023-6988

Description

The plugin does not validate and escape some its extend_builder_render_js shortcode content before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[extend_builder_render_js]alert(/XSS/)[/extend_builder_render_js]

Affects Plugins

colibri-page-builder

Fixed in 1.0.240

References

CVE

CVE-2023-6988

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/300b24af-10a1-45b9-87ec-7c98dc94e76b

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.9 (medium)

Miscellaneous

Original Researcher

Hung -mov Nguyen

Verified

Yes

WPVDB ID

fb571ebf-b39e-417b-86fa-a2f6c289eec0

Timeline

Publicly Published

2023-12-23 (about 2 years ago)

Added

2023-12-26 (about 2 years ago)

Last Updated

2023-12-26 (about 2 years ago)

Other

Published

Title

Published

2024-12-17

Title

BU Section Editing <= 0.9.9 - Reflected Cross-Site Scripting

Published

2026-03-03

Title

Agrofood < 1.4.0 - Reflected Cross-Site Scripting

Published

2023-04-19

Title

White Label Branding for Elementor Page Builder <= 1.0.2 - Admin+ Stored XSS

Published

2024-12-05

Title

Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-01-31

Title

WS Form < 1.8.176 - Unauthenticated Stored Cross-Site Scripting