MyBookTable <= 3.2.2 – Multiple XSS | Plugin Vulnerabilities

Description

Version <= 3.2.1 contains multiple XSS in various locations due to not escaping user's input before output it, example: https://<BLOG>/wp-admin/admin.php?page=mbt_help&mbt_video_tutorial="><svg/onload=alert(/XSS/)>

WPScan Team:

v3.2.2 implemented numerous sanitisation improvements, however there was still at least one DOM XSS:

https://<BLOG>/wp-admin/admin.php?page=mbt_help&mbt_video_tutorial=<svg/onload=alert(/XSS/)>

June 30th - Vendor Contacted about the DOM XSS
June 30th - Fix pushed in Trunk, vendor also reviewed all other usage of jQuery in the plugin, and didn't find other cases of user input in a jQuery selector.
July 3rd - Version 3.2.3 Released

Affects Plugins

Fixed in 3.2.3

References

URL

https://plugins.trac.wordpress.org/changeset?reponame=&new=2117000%40mybooktable&old=2081979%40mybooktable

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Verified

No

WPVDB ID

aeec4dcf-f729-4abb-8302-ebc68c3e560c

Timeline

Publicly Published

2019-07-03 (about 4 years ago)

Added

2019-07-05 (about 4 years ago)

Last Updated

2019-07-05 (about 4 years ago)

Other

Published

Title

Published

2019-02-05

Title

WP Google Maps < 7.10.43 - Cross-Site Scripting (XSS)

Published

2023-05-04

Title

Cart Lift < 3.1.6 - Reflected XSS

Published

2023-07-17

Title

MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS

Published

2023-05-09

Title

VK Blocks < 1.54.0 - Multiple Stored XSS

Published

2022-01-10

Title

WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS)