WPBookit Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the WPBookit plugin for WordPress, affecting all versions through 1.0.6. The issue arises from a lack of proper capability checks in the 'save_custome_code' function, which handles custom CSS and JavaScript code. This flaw allows unauthenticated attackers to inject arbitrary scripts that are executed whenever a user accesses an affected page.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed on every page load, potentially leading to session hijacking.

Reproduction

To reproduce this vulnerability, send a POST request to the 'wpb_ajax_post' action with the 'route_name' parameter set to 'save_custome_code'. Include the malicious JavaScript in the 'js_code' parameter and a comment or benign value in the 'css_code' parameter. After injection, the malicious script will execute on page loads.

Remediation

Users are advised to update the WPBookit plugin to version 1.0.7 or later.

Added: Nov 21, 2025, 8:33 AM
Updated: Nov 21, 2025, 4:07 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          1.7
exploitability  8.7
remediation     7.7
relevance       1.1
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.