squelchdesign / squelch-tabs-and-accordions-shortcodes

Provides shortcodes for adding tabs and accordions to your WordPress website
https://squelchdesign.com/services/web-development/free-wordpress-plugins/squelch-tabs-and-accordions-shortcodes/
GNU General Public License v2.0

CVE-2024-2499 #3

Closed squelchdesign closed 7 months ago

squelchdesign commented 7 months ago

Vulnerability Title: Squelch Tabs and Accordions Shortcodes <= 0.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via accordions Shortcode
CVE ID: CVE-2024-2499
CVSS Severity Score: 6.4 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Organization: Wordfence
Vulnerability Researcher(s): Francesco Carlucci
Software Link: https://wordpress.org/plugins/squelch-tabs-and-accordions-shortcodes

Description

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordions' shortcode in all versions up to, and including, 0.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Proof of Concept

  • log in as contributor
  • create a post
  • add the shortcode as content [accordions active=' " onmouseover=alert(1) id="']stuff[/accordions]
  • preview and hover the button

Snapshot:

Any Known Public References

https://plugins.trac.wordpress.org/browser/squelch-tabs-and-accordions-shortcodes/trunk/squelch-tabs-and-accordions.php#L176
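The following is an added example, not code from the plugin or from the reporter, showing the bug class behind the proof of concept above: a shortcode attribute concatenated into an HTML attribute value, beside the same handler with esc_attr() applied at output. The point for WordPress developers is that a contributor's post content passes through wp_kses, which filters HTML tags, but a shortcode is not a tag, so its attribute values reach the handler untouched and the handler alone is responsible for escaping them. The handler names, the markup and the `data-active` attribute are hypothetical; the two `function_exists` guards define stand-ins for WordPress's shortcode_atts() and esc_attr() only so the file runs from the PHP CLI outside WordPress (an assumption of this example, and inside WordPress the real functions are used). The check at the end parses the rendered markup with DOMDocument rather than searching for the string `onmouseover=`, because the escaped output still contains that text inside a quoted value.

```php
<?php
// Added example (not the plugin's code): vulnerable vs. fixed shortcode output,
// driven by the attribute payload from the report.

// Stand-ins so this runs from the PHP CLI outside WordPress (assumption of this
// example); inside WordPress the real shortcode_atts() and esc_attr() are used.
if (!function_exists('shortcode_atts')) {
    // Keep only the attributes the shortcode declares, filling in defaults.
    function shortcode_atts(array $pairs, array $atts): array
    {
        $out = [];
        foreach ($pairs as $name => $default) {
            $out[$name] = array_key_exists($name, $atts) ? $atts[$name] : $default;
        }
        return $out;
    }
}
if (!function_exists('esc_attr')) {
    // Quotes, angle brackets and ampersands become entities, so a value can no
    // longer close the attribute it is placed in. Close to WordPress's esc_attr().
    function esc_attr(string $text): string
    {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: user-controlled attribute values go straight into markup.
function render_accordion_vulnerable(array $atts, string $content): string
{
    $a = shortcode_atts(['active' => '0', 'id' => 'accordion'], $atts);
    return '<div class="accordion" id="' . $a['id'] . '" data-active="' . $a['active'] . '">'
        . $content . '</div>';
}

// Fixed pattern: every user-controlled value is escaped for the attribute context.
function render_accordion_fixed(array $atts, string $content): string
{
    $a = shortcode_atts(['active' => '0', 'id' => 'accordion'], $atts);
    return '<div class="accordion" id="' . esc_attr($a['id']) . '" data-active="' . esc_attr($a['active']) . '">'
        . $content . '</div>';
}

// Check: parse the HTML the way a browser would and report whether any element
// ended up with an on* event-handler attribute.
function has_event_handler_attribute(string $html): bool
{
    $prev = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><body>' . $html . '</body>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                return true;
            }
        }
    }
    return false;
}

// The report's shortcode is [accordions active=' " onmouseover=alert(1) id="']stuff[/accordions].
// WordPress's shortcode parser strips the outer single quotes, so the handler receives:
$payload = ' " onmouseover=alert(1) id="';

$vulnerable = render_accordion_vulnerable(['active' => $payload], 'stuff');
$fixed      = render_accordion_fixed(['active' => $payload], 'stuff');

echo "vulnerable: $vulnerable\n";
echo "  event handler present: " . (has_event_handler_attribute($vulnerable) ? 'yes' : 'no') . "\n";
echo "fixed:      $fixed\n";
echo "  event handler present: " . (has_event_handler_attribute($fixed) ? 'yes' : 'no') . "\n";
```

Run with `php example.php`. The vulnerable render closes the `data-active` attribute after the leading space, so `onmouseover=alert(1)` becomes a real attribute on the div and the check reports it; the fixed render keeps the whole payload inside one quoted value (`data-active=" &quot; onmouseover=alert(1) id=&quot;"`) and the check reports nothing. shortcode_atts() on its own does not help here: it only restricts which attribute names are accepted, not what their values contain.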

squelchdesign commented 7 months ago

Fixed in v0.4.4