wpexploit | Francesco Carlucci | WPEX-ID: E247D78A-7243-486C-A017-7471A8DCB800
History: Feb 02, 2022 - 12:00 a.m.

Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting

2022-02-02 00:00:00
Francesco Carlucci
106
custom content shortcode
authenticated
stored
cross-site scripting
contributor
custom field
post editor
xss exploit

EPSS

0.001

Percentile

24.8%

The plugin does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Please note that such an attack is still possible for admin+ users in single-site blogs by default (but won't be when unfiltered_html is disallowed).

As a contributor, add a custom field in a post (while in a post editor, open the Options panel > Preferences > Panels and enable the Custom Fields), such as test_xss with a value of <script>alert(/XSS/)</script>

Then add the shortcode [field test_xss] to the post and view/preview it to trigger the XSS.
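The defensive counterpart to the behaviour described above: an illustrative [field key] shortcode handler written for this page (not the plugin's own code), shown first in the unescaped form the advisory describes and then hardened to follow WordPress's own post-content rule, so only authors holding unfiltered_html emit raw markup and everything else goes through wp_kses_post(). The function names are assumed.

```php
<?php
// Constructed example for this advisory, not the plugin's code.
// Both handlers serve [field key] by reading the named custom field of the current post.

// Unescaped pattern: the custom field value is returned verbatim. Post content is
// filtered by kses for users without unfiltered_html, but post meta is not, so a
// Contributor's <script>...</script> stored in a custom field reaches the page as-is.
function example_field_shortcode_unsafe( $atts ) {
    // [field test_xss] arrives as a positional attribute: $atts[0] === 'test_xss'
    $key = isset( $atts[0] ) ? (string) $atts[0] : '';
    return (string) get_post_meta( get_the_ID(), $key, true );
}

// Hardened pattern: apply the same rule WordPress applies to post content itself.
function example_field_shortcode_safe( $atts ) {
    $key = isset( $atts[0] ) ? (string) $atts[0] : '';
    if ( '' === $key ) {
        return '';
    }

    $post_id = get_the_ID();
    $value   = get_post_meta( $post_id, $key, true );
    if ( ! is_scalar( $value ) ) {
        return ''; // arrays/objects stored in meta are not printable here
    }
    $value = (string) $value;

    // The field was stored under the post author's account, so that author's
    // capability decides. When unfiltered_html is disallowed (a Contributor role,
    // or DISALLOW_UNFILTERED_HTML for everyone), wp_kses_post() strips <script>
    // tags and event-handler attributes, leaving the HTML subset post content
    // may contain; <script>alert(/XSS/)</script> becomes plain text "alert(/XSS/)".
    if ( author_can( $post_id, 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}

add_shortcode( 'field', 'example_field_shortcode_safe' );
```

If the field value is ever placed inside an HTML attribute rather than element content, esc_attr() is the right escaper instead of wp_kses_post().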

