Sitewide Notice WP < 2.3 – Admin+ Stored XSS | CVE 2021-24592

Description

The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Proof of Concept

Put the following payload in the Message setting of the plugin: <script>alert(/XSS/)</script>

The XSS will be triggered in all frontend pages

Affects Plugins

sitewide-notice-wp

Fixed in 2.3

References

CVE

CVE-2021-24592

URL

https://www.hackpertise.com/cve/6-cve-2021-24592/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Asif Nawaz Minhas

Submitter

Asif Nawaz Minhas

Verified

Yes

WPVDB ID

9579ff13-9597-4a77-8cb9-997e35265d22

Timeline

Publicly Published

2021-08-02 (about 2 years ago)

Added

2021-08-02 (about 2 years ago)

Last Updated

2023-04-12 (about 1 years ago)

Other

Published

Title

Published

2014-11-26

Title

Google Analytics by Yoast <= 5.1.2 Cross-Site Scripting (XSS)

Published

2019-04-16

Title

MailPoet < 3.23.2 - Reflected Cross-Site Scripting Issue

Published

2024-03-28

Title

Better Elementor Addons < 1.4.2 - Contributor+ Stored XSS

Published

2018-01-17

Title

BuddyBoss Media <= 3.2.3 - Stored XSS

Published

2023-01-23

Title

Oi Yandex.Maps <= 3.2.7 - Contributor+ Stored XSS