Burst Statistics < 1.5.7 – Contributor+ Stored Cross-Site Scripting via burst_total_pageviews_count | CVE 2024-1894 | Plugin Vulnerabilities

Description

The plugin is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the 'Show Toolbar when viewing site' option enabled in their profile.

Affects Plugins

burst-statistics

Fixed in 1.5.7

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/fa587df5-9d96-4cac-ae5d-2a0485a3a789

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Webbernaut

Verified

No

WPVDB ID

98f227b5-cfd4-4c43-8ed5-5abe77ec6b04

Timeline

Publicly Published

2024-03-12 (about 2 months ago)

Added

2024-03-13 (about 2 months ago)

Last Updated

2024-03-13 (about 2 months ago)

Other

Published

Title

Published

2020-08-31

Title

WP Floating Menu < 1.4.1 - Authenticated Reflected Cross-Site Scripting

Published

2024-03-25

Title

MyBookTable Bookstore < 3.3.8 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2023-08-16

Title

Query Wrangler < 1.5.52 - Reflected XSS

Published

2024-03-13

Title

Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Multislider Widget

Published

2021-09-27

Title

WP Table Builder < 1.3.10 - Reflected Cross-Site Scripting