My Calendar 2.5.16 – Authenticated stored XSS

INFO
Product: My Calendar
Version: 2.5.16
Active installations: 30,000+
Product page: https://it.wordpress.org/plugins/my-calendar/

DESCRIPTION
An authenticated user who can add new events can inject arbitrary JavaScript code via the event_time_label input. The arbitrary code runs both on the event page and in the admin panel. In my-calendar-event-manager.php, line 1873, the variable $eventTime is not sanitized.

PROOF OF CONCEPT
My Calendar 2.5.16 is

WP Live Chat Support 8.0.05 – Stored XSS

INFO
Product: WP Live Chat Support
Version: 8.0.05
Active installations: 50,000+
Product page: https://wordpress.org/plugins/wp-live-chat-support/
CVE: 2018-9864

1. DESCRIPTION
An unauthenticated user could inject arbitrary JavaScript code into the admin panel by using the "Name" text field of WP Live Chat Support. Using a single input point, it was possible to inject JavaScript code into two different output points.

Events Manager 5.8.1.1 – Stored XSS

INFO
Product: Events Manager
Version: 5.8.1.1
Active installations: 100,000+
Product page: https://it.wordpress.org/plugins/events-manager/
CVE: 2018-9020

DESCRIPTION
An unauthenticated user, or a user without privileges, who can submit an event can inject JavaScript code into the Google Maps miniature. The malicious code runs in the admin panel when a privileged user opens the submitted event. The problem