Zeyad AlshahraniWPVDB-ID:4423B023-CF4A-46CB-B314-7A09AC08B29AShared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.2 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
13.8%
Description The plugin does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.
PoC
Upload an allowed WordPress extension such as JPG and inject it with a script such as: . To access the resource, the uploaded file ID can be seen in the source code of the (Preview) button under data-file-url as such: /shared-files/{FILE_ID}/?xss.jpg and can be triggered using HTTP://url.com/shared-files/{FILE_ID}/?xss.jpg
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.7.6 |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.2 High
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
13.8%