WP STAGING version 2.9.18 and below is vulnerable to unauthenticated XSS via the unfiltered_html capability in options. An attacker could inject malicious code into setting values via user input before the setting is sanitized. For example, an attacker could set the setting value to '<script>alert('XSS');</script>' and WP STAGING would render this as an unfiltered setting value to unsuspecting users.

WP STAGING 2.9.18 and below is also vulnerable to user-assisted XSS via the unfiltered_html capability in advanced settings when the WP_CONTENT_SECTORS capability is enabled. An attacker would need to be able to edit or create advanced settings in order to exploit this vulnerability.

WP STAGING prior to 2.9.18 suffers from a cross-site scripting vulnerability due to a lack of sanitization of user-supplied input via the unfiltered_html capability in options. An attacker could craft a request for an unfiltered setting value to inject malicious code into the plugin code before the code is sanitized by the plugin.
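The pattern described above, a setting value stored and rendered without filtering, is shown here next to a hardened form. This is an added example and not WP STAGING's own code: the function names and the table-cell markup are hypothetical, and plain PHP functions stand in for the WordPress helpers named in the comments.

```php
<?php
// Added example: hypothetical settings handling, not code from the WP STAGING plugin.

// Constructed sample input: the payload quoted in the advisory text.
$submitted = "<script>alert('XSS');</script>";

// Vulnerable pattern: the raw value is stored and echoed back into the page.
function render_setting_unsafe(string $value): string
{
    return '<td class="setting-value">' . $value . '</td>';
}

// Hardening step 1: sanitize on save. Strip tags and control characters so
// markup never reaches storage (WordPress offers sanitize_text_field() for this).
function sanitize_setting(string $value): string
{
    $value = strip_tags($value);
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
    return trim($value);
}

// Hardening step 2: escape on output, even for values believed clean, because
// rows written before the fix or by other code paths may still hold markup
// (WordPress offers esc_html() and esc_attr() for this).
function render_setting_safe(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td class="setting-value">' . $escaped . '</td>';
}

$stored_raw   = $submitted;                    // what the vulnerable path keeps
$stored_clean = sanitize_setting($submitted);  // what the hardened path keeps

echo "unsafe render of raw value:   ", render_setting_unsafe($stored_raw), PHP_EOL;
echo "safe render of raw value:     ", render_setting_safe($stored_raw), PHP_EOL;
echo "safe render of cleaned value: ", render_setting_safe($stored_clean), PHP_EOL;
```

Escaping on output matters even after sanitizing on save, since values stored before an upgrade are not rewritten by the new save path.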

How do I know if my WordPress installation is vulnerable?

To confirm whether your WordPress installation is affected, follow these steps:
1. Open your WordPress dashboard and go to Settings > Staging Files > WP STAGING.
2. Click on the "Unfiltered HTML" link and take note of what appears in the field below it. "unfiltered_html" can be used as a filter for setting values in the WP STAGING WordPress plugin before they are sanitized by the plugin.

Setting Up a WP Staging Plugin Test Environment

A good way to test the plugin is by setting up a staging site just for testing. This is also helpful if you need to debug or troubleshoot an issue with your plugin.
The following steps will guide you through the process of creating a temporary staging site and installing the plugin on it:

What versions of WP STAGING are vulnerable?

WP STAGING 2.9.18 and below is vulnerable to unauthenticated XSS via the unfiltered_html capability in options; 2.9.19 and above is not vulnerable.
WP STAGING prior to 2.9.18 suffers from a cross-site scripting vulnerability due to a lack of sanitization of user-supplied input via the unfiltered_html capability in options; version 2.8 does not suffer from this vulnerability.
WP STAGING prior to 2.8 suffers from a user-assisted XSS via the unfiltered_html capability in advanced settings when the WP_CONTENT_SECTORS capability is enabled; version 2.8 does not suffer from this vulnerability.

Timeline

Published on: 09/16/2022 09:15:00 UTC
Last modified on: 09/17/2022 02:34:00 UTC
