Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting

2021-10-11T00:00:00
ID WPVDB-ID:EFA7D91A-447B-4FD8-AA21-5364B177FEE9
Type wpvulndb
Reporter Asif Nawaz Minhas
Modified 2021-10-11T07:06:47

Description

The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed.

PoC

(The plugin requires the Storefront theme) Go to Appearance > Customize (/wp-admin/customize.php), open the Footer customisation and put the following payload in the Footer Credit Text: The XSS will be triggered in all frontend pages, and Customise admin panel as well