Impact
The Embed Privacy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed_privacy_opt_out' shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes.
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Vulnerable File: embed-privacy/inc/class-embed-privacy.php
Line: 2153
POC Video: https://d.pr/v/ORuIat
(1) Install and activate the plugin as an administrator.
(2) As a contributor, create a post using the following shortcode:
[embed_privacy_opt_out show_all='xxx123" onmouseover=alert(1) foo="bar']
(3) When the administrator previews the post, and hovers the element, the XSS payload will execute.
POC Video: https://d.pr/v/ORuIat
Patches
Version 1.8.1 contains a patch.
Impact
The
Embed Privacyplugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed_privacy_opt_out' shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes.This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Vulnerable File: embed-privacy/inc/class-embed-privacy.php
Line: 2153
POC Video: https://d.pr/v/ORuIat
(1) Install and activate the plugin as an administrator.
(2) As a contributor, create a post using the following shortcode:
[embed_privacy_opt_out show_all='xxx123" onmouseover=alert(1) foo="bar']
(3) When the administrator previews the post, and hovers the element, the XSS payload will execute.
POC Video: https://d.pr/v/ORuIat
Patches
Version 1.8.1 contains a patch.