WP Accessibility < 1.7.0 - Minor Authenticated Stored XSS in custom CSS



Description

A minor authenticated stored XSS vulnerability was found in the "Styles for Skiplinks when they have focus" section of the WP Accessibility plugin.

Proof of Concept

1) Navigate to the Settings page of the plugin

https://example.com/wp-admin/options-general.php?page=wp-accessibility/wp-accessibility.php

2) Select the checkbox next to "Enable Skiplinks"

3) Under the "Styles for Skiplinks when they have focus" option, enter the following XSS payload:

</style><script>alert(/0/)</script>

4) Navigate to the WordPress homepage and you'll see an XSS popup
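
The pattern behind this finding, shown as an added example (it is not the plugin's code, nor the fix in the referenced changeset): a saved CSS value written into a `<style>` element unchanged, beside a version that validates it before output. The selector and all function names are hypothetical, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the value saved in the plugin's settings.
$stored = '</style><script>alert(/0/)</script>';

// Vulnerable pattern: the saved value is placed inside <style> unchanged, so
// "</style>" in the value closes the element and the rest is parsed as HTML.
// The selector is illustrative, not taken from the plugin.
function render_focus_style_unsafe(string $css): string
{
    return "<style>.skiplinks a:focus { $css }</style>";
}

// Validation for a CSS-only field. HTML-escaping does not fit this context:
// text inside <style> is not entity-decoded, so escaped quotes or ">" would
// break valid CSS. Rejecting any "<" keeps the value from ending the element;
// a legitimate value that needs the character can use the CSS escape \3c.
function sanitize_focus_css(string $css): string
{
    $css = trim(str_replace("\0", '', $css));
    return strpos($css, '<') === false ? $css : '';
}

// Hardened output: validate again at render time, so values saved before the
// validation existed are covered too, and emit nothing when the value fails.
function render_focus_style_safe(string $css): string
{
    $css = sanitize_focus_css($css);
    return $css === '' ? '' : "<style>.skiplinks a:focus { $css }</style>";
}

// Defender's check on rendered output: did a script element reach the page?
function contains_script_element(string $html): bool
{
    return preg_match('#<script\b#i', $html) === 1;
}

$samples = [$stored, 'outline: 2px solid #ffcc00; background: #000;'];
foreach ($samples as $value) {
    printf(
        "%s\n  unsafe output has <script>: %s\n  safe output has <script>: %s\n",
        $value,
        var_export(contains_script_element(render_focus_style_unsafe($value)), true),
        var_export(contains_script_element(render_focus_style_safe($value)), true)
    );
}
```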

Affects Plugin

WP Accessibility: fixed in version 1.7.0

References

URL https://plugins.trac.wordpress.org/changeset/2218372

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Submitter Ananda Krishna
Submitter Website https://www.getastra.com/
Submitter Twitter https://twitter.com/getastra
Verified No
WPVDB ID 10038

Timeline

Publicly Published 2019-12-26
Added 2020-01-21
Last Updated 2020-01-21
