MyBookTable <= 3.2.2 - Multiple XSS



Description
Version <= 3.2.1 contains multiple XSS in various locations because user input is not escaped before it is output, for example: https://<BLOG>/wp-admin/admin.php?page=mbt_help&mbt_video_tutorial="><svg/onload=alert(/XSS/)>

WPScan Team:

v3.2.2 implemented numerous sanitisation improvements; however, there was still at least one DOM XSS:

https://<BLOG>/wp-admin/admin.php?page=mbt_help&mbt_video_tutorial=<svg/onload=alert(/XSS/)>

June 30th - Vendor Contacted about the DOM XSS
June 30th - Fix pushed in trunk; the vendor also reviewed all other usage of jQuery in the plugin and did not find other cases of user input in a jQuery selector.
July 3rd - Version 3.2.3 Released
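The remaining DOM XSS above comes from a request parameter reaching a jQuery selector. The following added example (not the plugin's code; the plugin's real selector code and tutorial names are not on this page and are assumed) shows why jQuery turns the reported payload into live markup, and a hardened lookup that only accepts allowlisted tutorial names:

```javascript
"use strict";

// jQuery's quick check for what $(string) means (rquickExpr as in jQuery 3's
// core/init.js; which jQuery version the plugin bundled is an assumption):
// a string that starts with "<" and ends with ">" is parsed as HTML and turned
// into DOM nodes, it is never used as a selector.
const rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/;

// Returns "html" if jQuery would build DOM nodes from the string, "id" for a
// plain #id lookup, and "selector" for anything handed to the selector engine.
function jqueryInterpretation(str) {
  if (str.length >= 3 && str[0] === "<" && str[str.length - 1] === ">") {
    return "html";
  }
  const m = rquickExpr.exec(str);
  if (!m) return "selector";
  return m[1] ? "html" : "id";
}

// Vulnerable pattern described in the report (hypothetical reconstruction):
// $(param) with param taken from ?mbt_video_tutorial=... . With the page's
// payload, jQuery creates an <svg> element whose onload handler runs as soon
// as it is inserted into the document. This helper flags such values, e.g.
// when reviewing access logs for the parameter.
function flagsAsMarkup(param) {
  return jqueryInterpretation(param) === "html";
}

// Hardened lookup: the parameter is matched against a fixed set of known
// tutorial names (constructed list, not the plugin's), and the selector is
// built from that allowlisted token, so attacker-controlled text never reaches
// $(). document.getElementById(param) is an equally safe alternative because
// it never parses markup.
const KNOWN_TUTORIALS = new Set(["getting-started", "book-page", "buy-buttons"]);

function safeSelector(param) {
  if (typeof param !== "string" || !KNOWN_TUTORIALS.has(param)) return null;
  return "#mbt-tutorial-" + param;
}
```
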

Affects Plugin

Fixed in version 3.2.3

References

URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2117000%40mybooktable&old=2081979%40mybooktable

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 2286
Verified No
WPVDB ID 9423

Timeline

Publicly Published 2019-07-03
Added 2019-07-05
Last Updated 2019-07-05
