WordPress Plugin Vulnerabilities

TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payload in them even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.

Proof of Concept

Add or edit a Taximony (/wp-admin/admin.php?page=st_taxonomiesthe) with the following description: "><img src onerror=alert(/XSS/)>

Then view the Taxonomies table to trigger the XSS

Affects Plugins

Plugin icon
simple-tags
Fixed in 3.0.7.2

References

CVE
CVE-2021-24444

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Akash Rajendra Patil
Submitter
Akash Rajendra Patil
Submitter website
https://akashpatil.me
Submitter twitter
skypatil98
Verified
Yes
WPVDB ID
a31321fe-adc6-4480-a220-35aedca52b8b

Timeline

Publicly Published
2021-06-30 (about 2 years ago)
Added
2021-06-30 (about 2 years ago)
Last Updated
2022-01-17 (about 2 years ago)

Other

Published
Title
Published
2023-01-27
Title
WPComplete < 2.9.5 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Redirection - view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS
Published
2022-05-04
Title
WP Slider <= 1.4.5 - Admin+ Stored Cross-Site Scripting
Published
2023-11-29
Title
Automatic Youtube Video Posts Plugin <= 5.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings
Published
2023-02-02
Title
Show-Hide / Collapse-Expand < 1.3.0 - Contributor+ Stored XSS via Shortcode