WordPress Plugin Vulnerabilities

PDF Viewer < 1.0.0 - Contributor+ Stored XSS via Shortcode

Description

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Proof of Concept

Exploit shortcode:

[pdfviewer height='" onmouseover="alert(1)"']http://localhost/file.pdf[/pdfviewer]

Affects Plugins

Plugin icon
pdf-viewer
Fixed in 1.0.0

References

CVE
CVE-2023-0033

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
Lana Codes
Submitter
Lana Codes
Submitter website
https://lana.codes/
Submitter twitter
LanaCodes
Verified
Yes
WPVDB ID
2d9ae43b-75a7-4fcc-bce3-d9e9d7a97ec0

Timeline

Publicly Published
2023-01-03 (about 1 years ago)
Added
2023-01-03 (about 1 years ago)
Last Updated
2023-01-03 (about 1 years ago)

Other

Published
Title
Published
2023-07-07
Title
Video Gallery < 1.3.13 - Admin+ Stored XSS
Published
2021-05-26
Title
Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)
Published
2020-01-30
Title
Registration Magic < 4.6.0.3 - Multiple Cross-Site Scripting (XSS)
Published
2024-04-19
Title
Happy Addons for Elementor < 3.10.6 - Contributor+ Stored XSS via HTML Tags
Published
2022-06-27
Title
Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting