
CVE-2023-23718

Details

Details about the software affected by CVE-2023-22714.

Parameter: Description
Software: Page Loading Effects
Type: WordPress Plugin
Vulnerable Version: <= 2.0.0
Classification: Cross-Site Scripting
Required privilege: Administrator
Publicly disclosed: 19.01.2023
Plugin URL: https://wordpress.org/plugins/page-loading-effects/

Researcher

This vulnerability was discovered by @yuyudhn.

Description

yuyudhn discovered and reported this Cross-Site Scripting (XSS) vulnerability in the WordPress Page Loading Effects plugin. It could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into your website, which will be executed when guests visit your site. This vulnerability is not known to have been fixed yet.

Proof of Concept

Go to the Page Loading Effect menu and put the XSS payload in the “Max Page Loader Duration” field. Payload:

1337"/><img src=x onerror=alert(1) />
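
Why this payload works and how the field can be hardened, as an added example (not the plugin's code, which this page does not show). It assumes the saved value is echoed into a quoted value attribute of the settings form; the function and field names are hypothetical, and plain PHP stands in for the WordPress helpers absint() and esc_attr() so that it runs without WordPress.

```php
<?php
// Added illustration; NOT the plugin's source. Function and field names are hypothetical.

// Weak pattern (assumed): the stored option is placed into an HTML attribute unescaped,
// so a double quote in the value ends the attribute and the rest is parsed as markup.
function render_duration_field_unsafe(string $stored): string {
    return '<input type="text" name="max_duration" value="' . $stored . '" />';
}

// Hardened save path: the field is a duration, so keep only a non-negative integer.
// WordPress's absint() does the same, typically from a register_setting()
// sanitize_callback.
function sanitize_duration(string $raw): int {
    return abs((int) $raw);
}

// Hardened output path: escape for the attribute context even after sanitizing,
// so values already stored in the database are rendered inertly.
// WordPress provides esc_attr() for this; htmlspecialchars() stands in here.
function render_duration_field_safe(string $stored): string {
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="number" min="0" name="max_duration" value="' . $escaped . '" />';
}

// The payload from the proof of concept above.
$payload = '1337"/><img src=x onerror=alert(1) />';

// 1. Unescaped: the <img> element appears as live markup after the input.
echo "unsafe:    ", render_duration_field_unsafe($payload), PHP_EOL;

// 2. Escaped on output: quotes and angle brackets become entities inside value="".
echo "escaped:   ", render_duration_field_safe($payload), PHP_EOL;

// 3. Sanitized on save, then escaped on output: only the integer 1337 survives.
echo "sanitized: ", render_duration_field_safe((string) sanitize_duration($payload)), PHP_EOL;
```

Applying both steps matters: sanitizing on save stops new bad values from being stored, while escaping on output covers anything that was saved before the fix.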
