A vulnerability was found in WP Canvas Shortcodes Plugin 1.92 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects some unknown functionality. The manipulation with an unknown input leads to a cross site scripting vulnerability (Stored). Using CWE to declare the problem leads to CWE-80. The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. Impacted is integrity.

The weakness was published 11/19/2016 by Yorick Koster as Stored Cross-Site Scripting in WP Canvas - Shortcodes WordPress Plugin as confirmed mailinglist post (Full-Disclosure). The advisory is shared at seclists.org. The public release has been coordinated with the project team. The attack may be initiated remotely. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue. The advisory points out:

A Cross-Site Scripting vulnerability was found in the WP Canvas - Shortcodes WordPress Plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. This issue can be exploited by authenticated users with the Contributor or higher role.

Upgrading to version 2.07 eliminates this vulnerability.

Productinfo

Type

• WordPress Plugin

Name

• WP Canvas Shortcodes Plugin

Version

• 1.92

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion