WordPress Plugin Vulnerabilities

Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting

Description

The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection.

Proof of Concept

Iimport a CSV file containing the following in the header: 'term<b>" autofocus onfocus={alert('Complex\u0020XSS');alert(document.cookie);}//'"

Affects Plugins

Plugin icon
directories
Fixed in 1.3.46

References

CVE
CVE-2020-29304
URL
https://seclists.org/fulldisclosure/2020/Dec/15

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
Jack Misiura
Verified
No
WPVDB ID
fcf6894f-d2dd-4cd5-9d42-7f617c2bba32

Timeline

Publicly Published
2020-12-12 (about 3 years ago)
Added
2020-12-12 (about 3 years ago)
Last Updated
2020-12-14 (about 3 years ago)

Other

Published
Title
Published
2023-04-18
Title
YellowPencil Visual CSS Style Editor < 7.5.9 - Admin+ Stored XSS
Published
2024-02-20
Title
Beaver Builder < 2.7.4.3 - Contributor+ Stored XSS
Published
2021-02-14
Title
Zebra_Form Library <= 2.9.8 - Reflected Cross-Site Scripting (XSS)
Published
2023-09-29
Title
User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent
Published
2023-03-17
Title
WP Job Portal < 2.0.6 - Subscriber+ Stored XSS