Easy Testimonials < 3.6 - Authenticated Stored Cross-Site Scripting (XSS)

Description
Multiple cross-site scripting vulnerabilities in Easy Testimonials 3.5.2 and lower allow remote attackers to inject arbitrary web script or HTML via the Client Name, Position / Web Address / Other, Location Reviewed / Product Reviewed / Item Reviewed, and Rating parameters.

Successful exploitation of this vulnerability would allow an authenticated medium-privileged user (contributor+) to inject arbitrary JavaScript code which is executed when admin and other users access the All Testimonials page in the backend. Furthermore, if the 'Allow HTML Tags in Testimonials' option is enabled (which is the default), the XSS will also be triggered when the testimonial is displayed in the frontend.
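The defect the advisory describes is a stored XSS: values typed into testimonial metadata fields are rendered without escaping, both in the admin list and on the public site. The following is an added example, not the plugin's own code, showing how a WordPress plugin would escape those fields at output time. The `demo_` function names and the array shape of a testimonial are assumptions; `esc_html()`, `esc_attr()` and `wp_kses_post()` are WordPress core functions.

```php
<?php
// Added example (not Easy Testimonials' own code). The demo_ functions and
// the array keys are hypothetical; esc_html(), esc_attr() and wp_kses_post()
// are WordPress core.

// Admin "All Testimonials" list: metadata fields are plain text, so every
// value is HTML-escaped here regardless of the "Allow HTML Tags" option.
function demo_render_admin_row( array $testimonial ) {
    printf(
        '<td>%s</td><td>%s</td><td>%s</td><td>%s</td>',
        esc_html( $testimonial['client'] ),
        esc_html( $testimonial['position'] ),
        esc_html( $testimonial['location'] ),
        esc_html( $testimonial['rating'] )
    );
}

// Frontend rendering: only the testimonial body may legitimately carry
// markup when the option is on. wp_kses_post() keeps post-safe tags and
// strips <script>, on* event handlers and javascript: URLs; the metadata
// fields are always escaped, with esc_attr() inside attribute values.
function demo_render_frontend( array $testimonial, bool $allow_html ) {
    $body = $allow_html
        ? wp_kses_post( $testimonial['body'] )
        : esc_html( $testimonial['body'] );

    printf(
        '<blockquote class="testimonial" data-rating="%s">%s<cite>%s, %s (%s)</cite></blockquote>',
        esc_attr( $testimonial['rating'] ),
        $body,
        esc_html( $testimonial['client'] ),
        esc_html( $testimonial['position'] ),
        esc_html( $testimonial['location'] )
    );
}

// Constructed sample: a metadata field containing markup, as a contributor
// could submit. With the escaping above it is shown as literal text.
$sample = array(
    'client'   => 'Example Client <b>not bold</b>',
    'position' => 'CTO',
    'location' => 'Example Product',
    'rating'   => '5',
    'body'     => '<p>Great service.</p>',
);
demo_render_admin_row( $sample );
demo_render_frontend( $sample, true );
```

The point of the split is that the "Allow HTML Tags" option should only ever widen what the testimonial body may contain; the name, position, location and rating fields have no reason to carry markup and are escaped on every output path.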


Timeline (WPScanTeam)
May 9th, 2020 - Confirmed & Escalated to WP Plugins Team
May 11th, 2020 - WP Plugins Team Investigating
May 12th, 2020 - v3.6 released, fixing the issue

Proof of Concept

The PoC will be displayed on May 27, 2020, to give users the time to update.

Affects Plugin

Easy Testimonials, fixed in version 3.6

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Ngo Van Thien - SunCSR
Submitter Ngo Van Thien
Submitter Twitter https://twitter.com/thienbg93
Verified Yes
WPVDB ID 10223

Timeline

Publicly Published 2020-05-13
Added 2020-05-13
Last Updated 2020-05-13