Lightweight Accordion < 1.5.15 – Contributor+ Stored XSS | CVE 2023-0373

Description

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

Exploit Additional CSS class(es) for "Lightweight Accordion" Gutenberg block:
" onmouseover="alert(1)"

Affects Plugins

lightweight-accordion

Fixed in 1.5.15

References

CVE

CVE-2023-0373

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

LanaCodes

Verified

Yes

WPVDB ID

fe60ea83-b584-465a-8128-b7358d8da3af

Timeline

Publicly Published

2023-01-23 (about 1 years ago)

Added

2023-01-23 (about 1 years ago)

Last Updated

2023-01-23 (about 1 years ago)

Other

Published

Title

Published

2024-03-28

Title

B Slider - Slider for your block editor < 1.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-05-10

Title

Beaver Builder < 2.8.1.3 - Contributor+ Stored Cross-Site Scripting via photo widget crop attribute

Published

2021-07-30

Title

Youtube Feeder <= 2.0.1 - CSRF to Stored XSS

Published

2022-07-31

Title

Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting

Published

2014-04-25

Title

Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)