WordPress DirectoriesPro 1.3.45 Cross Site Scripting

11 Dec 2020 00:00:00 | Reported by Jack Misiura | Type: packetstorm | Source: packetstormsecurity.com

WordPress DirectoriesPro 1.3.45 XSS vulnerabilities, patched in version 1.3.46

Related

| Reporter | Title | Published |
| --- | --- | --- |
| Circl | CVE-2020-29303 | 14 Dec 2020 22:39 |
| CNNVD | WordPress SabaiApps DirectoriesPro plugin cross-site scripting vulnerability | 11 Dec 2020 00:00 |
| CNNVD | WordPress cross-site scripting vulnerability | 11 Dec 2020 00:00 |
| CNVD | WordPress SabaiApps DirectoriesPro plugin cross-site scripting vulnerability (CNVD-2021-04368) | 15 Dec 2020 00:00 |
| CNVD | WordPress SabaiApps DirectoriesPro plugin cross-site scripting vulnerability | 15 Dec 2020 00:00 |
| CVE | CVE-2020-29303 | 14 Dec 2020 19:43 |
| CVE | CVE-2020-29304 | 14 Dec 2020 19:48 |
| Cvelist | CVE-2020-29303 | 14 Dec 2020 19:43 |
| Cvelist | CVE-2020-29304 | 14 Dec 2020 19:48 |
| EUVD | EUVD-2020-21678 | 7 Oct 2025 00:30 |

`Title: Reflected XSS  
Product: WordPress DirectoriesPro Plugin by SabaiApps  
Vendor Homepage: https://directoriespro.com/  
Vulnerable Version: 1.3.45  
Fixed Version: 1.3.46  
CVE Number: CVE-2020-29303  
  
Author: Jack Misiura from The Missing Link   
Website: https://www.themissinglink.com.au  
  
Timeline:  
2020-11-26 Disclosed to Vendor  
2020-11-27 Vendor releases patched version  
2020-12-07 Fix confirmed  
2020-12-10 Publication  
  
  
  
1. Vulnerability Description  
  
The WordPress DirectoriesPro plugin did not sanitise the _drts_form_build_id in a POST request, allowing for HTML or JavaScript injection.  
  
2. PoC  
  
On a WordPress installation with a vulnerable DirectoriesPro plugin, issue the following POST request while logged in as Administrator to, for example, http://example.com/wp-admin/admin.php?page=drts/directories&q=%2Fdirectories%2Fstaff%2Fexport%2F. Please note, the _t_ parameter is set to an invalid or non-existent CSRF token.  
  
filename=staff_txt&pretty_print=1&_drts_form_build_id=123"><script>alert('Reflected%20XSS');</script>%20onmouseover="&_t_=1234567&_drts_form_submit%5B0%5D=0&_ajax_=%23drts-modal  
  
  
3. Solution  
  
The vendor provides an updated version (1.3.46) which should be installed immediately.  
  
4. Advisory URL  
  
https://www.themissinglink.com.au/security-advisories  
  
  
Jack Misiura  
Application Security Consultant  
  
  
-----------  
  
Title: Self-reflected XSS  
Product: WordPress DirectoriesPro Plugin by SabaiApps  
Vendor Homepage: https://directoriespro.com/  
Vulnerable Version: 1.3.45  
Fixed Version: 1.3.46  
CVE Number: CVE-2020-29304  
  
Author: Jack Misiura from The Missing Link   
Website: https://www.themissinglink.com.au  
  
  
Timeline:  
2020-11-26 Disclosed to Vendor  
2020-11-27 Vendor releases patched version  
2020-12-07 Fix confirmed  
2020-12-10 Publication  
  
  
  
1. Vulnerability Description  
  
The WordPress DirectoriesPro plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection.  
  
  
  
2. PoC  
  
On a WordPress installation with a vulnerable DirectoriesPro plugin, import a CSV file containing the following in the header:  
  
'term<b>" autofocus onfocus={alert('Complex\u0020XSS');alert(document.cookie);}//'"  
  
  
3. Solution  
  
The vendor provides an updated version (1.3.46) which should be installed immediately.  
  
  
  
4. Advisory URL  
  
https://www.themissinglink.com.au/security-advisories  
`
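
Both advisories above describe the same root cause: a request value (`_drts_form_build_id`) and CSV column names reach HTML output without sanitisation. The sketch below is an added example, not the plugin's code or the vendor's fix; it shows allow-list validation plus attribute-context encoding for the form value and a pre-import check for CSV headers. The function names and the build-id pattern are assumptions, and Python's `html.escape` stands in for the output-encoding step (WordPress's `esc_attr()` plays that role in PHP).

```python
import csv
import html
import io
import re

# Assumption: build ids are short opaque tokens. This allow-list is
# illustrative and is not taken from the plugin's real id format.
BUILD_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Characters that can close an attribute value or open a tag.
HTML_META_RE = re.compile(r"[<>\"'`&]")

def is_valid_build_id(value):
    """Reject anything that is not a plain token before it is used."""
    return BUILD_ID_RE.fullmatch(value) is not None

def render_build_id_field(value):
    """Echo the value into an attribute, encoded for that context."""
    encoded = html.escape(value, quote=True)  # encodes & < > " '
    return ('<input type="hidden" name="_drts_form_build_id" '
            'value="%s">' % encoded)

def unsafe_csv_headers(csv_text):
    """Return first-row column names that contain HTML metacharacters."""
    header = next(csv.reader(io.StringIO(csv_text)), [])
    return [name for name in header if HTML_META_RE.search(name)]

# Constructed inputs: the URL-decoded form value from the PoC above and a
# CSV whose second column name is a shortened form of the PoC header.
POSTED_ID = "123\"><script>alert('Reflected XSS');</script> onmouseover=\""
SAMPLE_CSV = 'title,term<b>" autofocus,slug\nStaff,HR,staff\n'

if __name__ == "__main__":
    print(is_valid_build_id(POSTED_ID))
    print(render_build_id_field(POSTED_ID))
    print(unsafe_csv_headers(SAMPLE_CSV))
```

Validation and encoding are complementary: the allow-list rejects the malformed id at input, while encoding keeps any value that does get echoed inside the attribute it was written into.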
