WordPress Plugin Vulnerabilities
Jetpack < 13.2.1 - Contributor+ Stored XSS
Description
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Proof of Concept
When the "Let visitors subscribe to new posts and comments via email" settings is enabled (in the Newsletter section), add the below shortcode to a post: [jetpack_subscription_form title="hola \x3cscript\x3ealert(1)\x3c/script\x3e" show_only_email_and_button="" subscribe_text="\x3cscript\x3ealert(1)\x3c/script\x3e" ]
Affects Plugins
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Original Researcher
Alex Concha
Submitter
Alex Concha
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-03-25 (about 1 months ago)
Added
2024-03-25 (about 1 months ago)
Last Updated
2024-03-25 (about 1 months ago)