Experto Dashboard for WooCommerce Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in the Experto Dashboard for WooCommerce plugin for WordPress, affecting all versions through 1.0.4. The vulnerability arises from inadequate input sanitization and missing output escaping in the plugin's settings fields, including 'Navigation Font Size', 'Navigation Font Weight', 'Heading Font Size', 'Heading Font Weight', 'Text Font Size', and 'Text Font Weight'. This flaw allows authenticated attackers with Administrator-level access to inject arbitrary web scripts into the plugin settings, which are executed when a user accesses the settings page. The issue is present in multi-site installations where unfiltered_html has been disabled.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the settings page.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access can navigate to the Experto Dashboard for WooCommerce plugin settings. Once there, the user can inject a script into one of the vulnerable fields, such as 'Navigation Font Size'. After saving the changes, the injected script will execute whenever the settings page is accessed.

Remediation

Users are advised to update the Experto Dashboard for WooCommerce plugin to version 1.0.5 or later.