wpexploit | Dmitrii Ignatyev | WPEX-ID:5A0D5922-EEFC-48E1-9681-B63E420BB8B3
Apr 03, 2024 - 12:00 a.m.

Strong Testimonials < 3.1.12 - Contributor+ Stored XSS

Tags: testimonials, contributor, stored xss, update, exploit, poc, april 17 2024

AI Score: 5.9 (Confidence: High)
EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be set up.

Setup (as admin):
- Create a view (/wp-admin/edit.php?post_type=wpm-testimonial&page=testimonial-views)
- In the "Custom Fields" section, click on "Full Name" and set "Display Type" to "link (must be URL type)"
- Save the view, and put its shortcode (e.g. [testimonial_view id="1"]) in a post/page

As Contributor:
- Add a testimonial and set the Full Name to 123"onmouseover='alert(/XSS/)'
- Submit the testimonial for review (or publish it if using an Author+ role)

Once the testimonial is approved/published, the XSS is triggered in the post where the view is embedded when a user moves the mouse over the generated testimonial link.

The attack could also be carried out with an Author role, which removes the need to wait for an admin to approve the testimonial.
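
An added example, not the plugin's code or part of the original advisory: it shows why the Full Name value above is parsed as an extra event-handler attribute when a template places it unescaped inside a quoted attribute, and how validating the URL and escaping on output keeps it inside the attribute. The templates, the function names and the assumption that the value lands in the link's href are hypothetical.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the Full Name value from the steps above.
PAYLOAD = "123\"onmouseover='alert(/XSS/)'"

def render_unescaped(value):
    # Hypothetical template: field value concatenated into a quoted attribute.
    return '<a href="' + value + '">' + value + '</a>'

def render_escaped(value):
    # Validate first (the field is meant to hold a URL), then escape on output.
    parts = urlsplit(value)
    href = value if parts.scheme in ("http", "https") and parts.netloc else "#"
    return '<a href="%s">%s</a>' % (html.escape(href, quote=True),
                                     html.escape(value, quote=True))

class AnchorAttrs(HTMLParser):
    """Collects the attribute names an HTML parser sees on <a> tags."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.names.extend(name for name, _ in attrs)

def anchor_attribute_names(markup):
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.names

def injected_handlers(markup):
    # Any on* attribute on the generated link means the value left its attribute.
    return [n for n in anchor_attribute_names(markup) if n.startswith("on")]

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        out = render(PAYLOAD)
        print(render.__name__, injected_handlers(out), out)
```

The same injected_handlers check can be run over rendered pages that embed a testimonial view to spot stored values that have already broken out of their attribute.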
