WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)

2021-05-0400:00:00

Truoc Phan

320

wordpress

xss

cross-site scripting

EPSS

0.001

Percentile

24.8%

JSON

The plugin did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

1. Login to WordPress as an Administrator
2. Install and Activate plugin "WP Customer Reviews"
3. Click on "Reviews > Plugin Settings > Review Form Settings"
4. Insert the XSS payload (my XSS payload: <img src=x onerror=alert(1)>) into any field at "Standard fields on reviews" or/and "Custom fields on reviews", then click on "Save Changes".
5. Go to any post where Reviews are enabled to trigger the XSS

References

plugins.trac.wordpress.org/changeset/2520157/

EPSS

0.001

Percentile

24.8%

JSON

Related for WPEX-ID:C450F54A-3372-49B2-8AD8-68D5CC0DD49E