FlexTable WordPress Plugin Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the FlexTable WordPress plugin, affecting versions prior to 3.19.2. The issue arises because the plugin does not properly sanitize and escape links imported from Google Sheets, allowing high-privilege users, such as administrators, to execute malicious scripts. This vulnerability is particularly concerning in multisite setups, where the unfiltered_html capability is restricted.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected content.

Reproduction

To reproduce this vulnerability, create a new table in Google Sheets and insert a payload script into a cell. Then, in the FlexTable plugin, create a new table and link to the Google Sheet containing the payload. Enable the 'Import links from sheet' option and save the settings. Finally, create a new page, add the table shortcode, and access the page to see the executed script.

Remediation

Users are advised to update the FlexTable WordPress plugin to version 3.19.2 or later.