Solidres <= 0.9.4 – Admin+ Stored XSS | CVE 2023-1374

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

Add a new currency (/wp-admin/admin.php?page=sr-add-new-currency) with the following payload as Name: "><scg/onload=alert(/XSS/)>

Affects Plugins

solidres

No known fix

References

CVE

CVE-2023-1374

URL

https://danielkelley.me/solidres-hotel-booking-plugin-for-wordpress-post-based-xss-vulnerability-in-add-new-currency-feature/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Daniel Kelley

Verified

Yes

WPVDB ID

2ae3c4f9-5ce7-47e9-b35c-0e5cabd3ef9c

Timeline

Publicly Published

2023-03-13 (about 1 years ago)

Added

2023-03-13 (about 1 years ago)

Last Updated

2023-03-13 (about 1 years ago)

Other

Published

Title

Published

2018-12-11

Title

Import users from CSV with meta <= 1.12 - Import Cross-Site Scripting (XSS)

Published

2017-08-24

Title

FG PrestaShop for WooCommerce < 3.20.0 - XSS

Published

2024-01-03

Title

ARForms < 1.5.9 - Unauthenticated Stored XSS

Published

2014-08-01

Title

Zopim Live Chat <= 1.2.5 - XSS in ZeroClipboard

Published

2014-08-01

Title

ShrimpTest 1.0b2 - plugins/plugin-notification.php Unspecified XSS