Lucene search
Dmitrii IgnatyevWPEX-ID:30546402-03B8-4E18-AD7E-04A6B556FFD7HistoryFeb 26, 2024 - 12:00 a.m.
Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
2024-02-2600:00:00
Dmitrii Ignatyev
49
vulnerable input fields
stored xss
javascript exploits
new pricing table
Description The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks
- Create a new Pricing Table
- Fill it with valid information, except for the "CSS classes", "Add custom code here" and "Button URL " sections
- Payloads:
- CSS classes: " onmouseover='alert(/CSS/);'
- Custom Code: <script>alert(/CustomCode/);</script>
- Button URL: javascript:alert(/XSS/) (requires the Custom Code to be empty, and the '_rpt_open_newwindow' post meta to be anything other than 'newwindow')References
Related
cvelist
cvelist
CVE-2024-1333 Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
2024-03-18 15:15:26
wpvulndb
wpvulndb
Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
2024-02-26 00:00:00
nvd
nvd
CVE-2024-1333
2024-03-18 16:15:07
cve
cve
CVE-2024-1333
2024-03-18 16:15:07
vulnrichment
vulnrichment
CVE-2024-1333 Responsive Pricing Table < 5.1.11 - Author+ Stored XSS
2024-03-18 15:15:26
wordfence
wordfence
AI Score
8.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPEX-ID:30546402-03B8-4E18-AD7E-04A6B556FFD7