WPBakery Page Builder Pricing Tables Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Pricing Tables for WPBakery Page Builder WordPress plugin, affecting versions prior to 3.0. The issue arises because the plugin fails to properly validate and escape certain shortcode attributes before rendering them on a page or post. This flaw enables users with a contributor role or higher to execute stored cross-site scripting attacks.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page or post.

Reproduction

To reproduce this vulnerability, first ensure that the WPBakery Page Builder plugin is installed and active. Then, create a new post or page and insert a shortcode using the Pricing Tables for WPBakery Page Builder plugin. Include vulnerable attributes, such as 'vca_pp_columns' with an 'onmouseover' event, or 'vca_pp_purchase_link' with a 'javascript:' URL. Publish the post or page, and the injected script will execute when viewed.

Remediation

Users are advised to update the Pricing Tables for WPBakery Page Builder WordPress plugin to version 3.0 or later.