Sell Photo < 1.0.6 – Authenticated Stored Cross-Site Scripting

Description

The Button Text/Image field in Settings page of Sell Photos Plugin was found to be vulnerable to stored XSS, as they did not sanitize user given input properly. It is triggered when a users loads a page where the plugin is used, and when an admin opens settings page of the plugin.

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

sell-photo

Fixed in 1.0.6

References

URL

https://packetstormsecurity.com/files/#158872/

URL

https://melbin.in/2020/08/14/stored-xss-vulnerability-in-wordpress-sell-photo-plugin/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.5 (low)

Miscellaneous

Original Researcher

Melbin K Mathew

Submitter

Melbin K Mathew

Submitter twitter

melbinkm

Verified

WPVDB ID

54b630c7-9156-4193-b842-56c9f64684e4

Timeline

Publicly Published

2020-08-17 (about 3 years ago)

Added

2020-08-17 (about 3 years ago)

Last Updated

2023-08-24 (about 8 months ago)

Other

Published

Title

Published

2021-06-28

Title

Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS)

Published

2022-09-29

Title

Analytics Cat < 1.1.0 - Admin+ Stored Cross-Site Scripting

Published

2022-11-28

Title

Popup Manager <= 1.6.6 - Unauthenticated Stored XSS

Published

2018-04-24

Title

Responsive Cookie Consent <= 1.7 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2017-03-06

Title

WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names