eVision Responsive Column Layout Shortcodes <= 2.3 – Contributor+ Stored XSS | CVE 2023-0064

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Proof of Concept

[bscolumns class='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"']

Affects Plugins

wens-responsive-column-layout-shortcodes

No known fix

References

CVE

CVE-2023-0064

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Lana Codes

Submitter

Lana Codes

Submitter website

https://lana.codes/

Submitter twitter

LanaCodes

Verified

Yes

WPVDB ID

97be5795-b5b8-40c7-80bf-7da95da7705a

Timeline

Publicly Published

2023-02-13 (about 1 years ago)

Added

2023-02-13 (about 1 years ago)

Last Updated

2023-02-13 (about 1 years ago)

Other

Published

Title

Published

2022-09-14

Title

Awesome Support < 6.0.8 - Authenticated Stored XSS

Published

2011-09-27

Title

Evolve < 1.2.6 - XSS

Published

2024-05-07

Title

Advanced Ads – Ad Manager & AdSense < 1.52.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Ad Widget

Published

2018-01-17

Title

WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)

Published

2022-10-21

Title

WP Page Builder < 1.2.7 - Author+ Stored XSS