wpvulndb
WPVDB-ID: 7C448F6D-4531-4757-BFF0-BE9E3220BBBB
Jun 25, 2024 - 12:00 a.m.

WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block

Source: wpscan.com
Tags: wordpress, 6.5.5, contributor+, stored xss, template-part block, template part, stored cross-site scripting, xss attacks, software

AI Score: 5.8 Medium (Confidence: High)

Description

WordPress does not properly escape the “tagName” attribute in the “Template Part block”, allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks.

PoC

As a contributor, add a “Template Part” block to a post, click on “Start Blank” and then “Create”. Go into Editor mode and add the following to the wp:template-part block: "tagName":"img src=x onerror=alert(1) title=x"
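The escaping gap described above, shown next to an allow-list check, as an added example that is not WordPress core code and not part of the original advisory. The function names and the allow-list of wrapper tags are assumptions made for the illustration; the first sample value is the tagName from the PoC and the others are constructed.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress core code.

// Tag names accepted for the wrapper element (assumed allow-list for this example).
const ALLOWED_WRAPPER_TAGS = ['div', 'header', 'footer', 'main', 'section', 'article', 'aside'];

// Weak form: HTML-escaping alone. Spaces and "=" survive escaping, so the
// value can still carry extra attributes into the opening tag.
function render_wrapper_weak(array $attrs, string $inner): string
{
    $tag = htmlspecialchars($attrs['tagName'] ?? 'div', ENT_QUOTES, 'UTF-8');
    return "<{$tag}>{$inner}</{$tag}>";
}

// Hardened form: the value must be exactly one allow-listed element name,
// otherwise the wrapper falls back to "div".
function safe_wrapper_tag($candidate): string
{
    if (!is_string($candidate)) {
        return 'div';
    }
    $tag = strtolower($candidate);
    return in_array($tag, ALLOWED_WRAPPER_TAGS, true) ? $tag : 'div';
}

function render_wrapper_hardened(array $attrs, string $inner): string
{
    $tag = safe_wrapper_tag($attrs['tagName'] ?? null);
    return "<{$tag}>{$inner}</{$tag}>";
}

// Sample inputs: the first is the tagName value from the PoC, the rest are constructed.
$samples = [
    'img src=x onerror=alert(1) title=x',
    'header',
    'SECTION',
    '',
    ['div'],
];

foreach ($samples as $value) {
    $attrs = ['tagName' => $value];
    echo 'input:    ', json_encode($value), PHP_EOL;
    if (is_string($value)) { // the weak renderer only accepts strings
        echo 'weak:     ', render_wrapper_weak($attrs, 'content'), PHP_EOL;
    }
    echo 'hardened: ', render_wrapper_hardened($attrs, 'content'), PHP_EOL, PHP_EOL;
}
```

Escaping answers whether a string is safe as text or as an attribute value, not whether it is a valid element name, so a value placed in the tag-name position needs validation rather than escaping.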
