PT-2024-16330 · WordPress · List Category Posts Plugin
Ancorn
+1
·
Published
2024-03-30
·
Updated
2024-04-02
·
CVE-2024-1051
6.4
Medium
| Base vector | Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
List category posts plugin for WordPress versions up to, and including, 0.89.6
Description:
The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on user-supplied attributes like `title tag`. This allows authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Recommendations:
For versions up to, and including, 0.89.6, update to a version that addresses the insufficient input sanitization and output escaping issue. As a temporary workaround, consider restricting access to the 'catlist' shortcode for users with contributor-level and above permissions to minimize the risk of exploitation. Avoid using the `title tag` attribute in the 'catlist' shortcode until the issue is resolved.
Fix
Related Identifiers
Affected Products
References · 6
- https://nvd.nist.gov/vuln/detail/CVE-2024-1051 · Security Note
- https://wordfence.com/threat-intel/vulnerabilities/id/a58cba26-a57e-4170-95bb-54ea7cfdb10c?source=cve · Note
- https://t.me/cvenotify/75198 · Telegram Post
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055332%40list-category-posts&new=3055332%40list-category-posts&sfp_email=&sfph_mail= · Note
- https://plugins.svn.wordpress.org/list-category-posts/trunk/include/lcp-catlistdisplayer.php · Note
- https://twitter.com/RedPacketSec/status/1775086918612427190 · Twitter Post