WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS)

vendor:

Custom Global Variables

by:

Swapnil Subhash Bodekar

8.8

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Custom Global Variables

Affected Version From: 1.0.5

Affected Version To: 1.0.5

Patch Exists: YES

Related CWE: NA

CPE: 2.3:a:wordpress:custom_global_variables:1.0.5

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows

2021

WordPress Plugin Custom Global Variables 1.0.5 – ‘name’ Stored Cross-Site Scripting (XSS)

A stored XSS vulnerability exists in WordPress Plugin Custom Global Variables 1.0.5, which allows an attacker to inject malicious JavaScript code into the 'name' field of the plugin. An attacker can exploit this vulnerability by entering a malicious JavaScript payload into the user input field, which is then stored in the database. When the same functionality is triggered, the malicious JavaScript payload is executed, resulting in a pop-up.

Mitigation:

To mitigate this vulnerability, users should update to the latest version of the plugin, which is 1.0.6.

Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) 
# Google Dork: NA
# Date: 09/01/2021
# Exploit Author: Swapnil Subhash Bodekar
# Vendor Homepage:
# Software Link: https://wordpress.org/plugins/custom-global-variables/#developers
# Version: 1.0.5
# Tested on Windows

How to reproduce vulnerability:

1. Install WordPress 5.6
2. Install and activate Custom Global variables plugin.
3. Navigate to Setting >> Custom Global Variables and enter the data into the user input field.
4. Capture the request into burp suite and append the JavaScript payload which is mentioned below 
"><script>(1)</script><"
5. You will observe that the payload successfully got stored into the database and when you are triggering the same functionality in that time JavaScript payload is executing successfully and we are getting a pop-up.