Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

Proof of Concept

1. Go to https://example.com/wp-admin/admin.php?page=kanban_settings#tab-statuses.

2. Click the button "Add another status".

3. Set the name of the status to <script>alert(1)</script>, then save your settings.

4. Go to https://example.com/wp-admin/admin.php?page=kanban_settings#tab-users, and check every user under Allowed Users.

5. As any user, go to https://example.com/?board_id=1&kanban=board, and XSS will be triggered for any logged-in user.
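The save-and-render pattern behind this class of bug, shown as an added illustrative example rather than the Kanban Boards plugin's own code: the vulnerable form stores a setting verbatim and echoes it unescaped, the hardened form authorises the request, sanitises on save and escapes on output. All function and option names prefixed kb_example_ are hypothetical.

```php
<?php
// Added illustrative example (not the Kanban Boards plugin's own code).
// Function and option names prefixed kb_example_ are hypothetical.

// VULNERABLE pattern: the status name is stored exactly as submitted and
// later echoed into the board page, so markup survives both steps.
function kb_example_save_statuses_vulnerable() {
    $statuses = $_POST['statuses'];                     // no sanitisation
    update_option( 'kb_example_statuses', $statuses );
}
function kb_example_render_statuses_vulnerable() {
    foreach ( (array) get_option( 'kb_example_statuses', array() ) as $status ) {
        echo '<li>' . $status['name'] . '</li>';        // no escaping
    }
}

// HARDENED pattern: authorise the request, sanitise on save, escape on output.
// update_option() applies no KSES filtering of its own, so the unfiltered_html
// check WordPress performs on post content does not protect plugin settings;
// the plugin has to enforce it explicitly, as below.
function kb_example_save_statuses_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'kb_example_save_statuses' );  // nonce / CSRF check

    $clean = array();
    foreach ( (array) wp_unslash( $_POST['statuses'] ?? array() ) as $status ) {
        // sanitize_text_field() removes script/style elements together with
        // their contents and strips remaining tags, so a payload like the one
        // in the PoC never reaches the database.
        $name = sanitize_text_field( $status['name'] ?? '' );
        if ( '' !== $name ) {
            $clean[] = array( 'name' => $name );
        }
    }
    update_option( 'kb_example_statuses', $clean );
}

function kb_example_render_statuses_hardened() {
    foreach ( (array) get_option( 'kb_example_statuses', array() ) as $status ) {
        // Escape at output as well: stored values may predate the sanitising
        // save handler or have been written by another code path.
        echo '<li>' . esc_html( $status['name'] ) . '</li>';
    }
}
```

Both input sanitisation and output escaping are needed: sanitising alone leaves previously stored values unprotected, and escaping alone leaves the stored payload in place for any other consumer of the option.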

Affects Plugins

Fixed in 2.5.21

Classification

Type
XSS

Miscellaneous

Original Researcher
Shreya Pohekar
Submitter
Shreya Pohekar
Verified
Yes

Timeline

Publicly Published
2023-06-08
Added
2023-06-05
Last Updated
2023-06-05