CVE ID – CVE-2020-8498
CVSS SCORE – 5.8 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)
AFFECTED VENDORS – GistPress
AFFECTED PRODUCTS – GistPress WordPress Plugin
VULNERABILITY DETAILS – XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).
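The defect class described above, as an added illustration rather than GistPress's own code: a hypothetical WordPress shortcode handler (shortcode name `gist`, attribute `id`, and both function names are assumptions) that emits an attribute value straight into markup, beside a hardened form that allow-lists the value and escapes it on output. Shortcode attributes are authored by whoever can edit post content, so a Contributor's draft reaches every reviewer and reader who renders it; the WordPress `unfiltered_html` capability does not apply to values a plugin echoes itself.

```php
<?php
// Added example, not the GistPress plugin's code. Shows the vulnerable pattern
// (attribute rendered unvalidated and unescaped) beside a hardened handler.
// Shortcode name, attribute name and function names are assumptions.

// Vulnerable form: the id attribute is placed into HTML exactly as supplied.
// Any user able to put a shortcode into post content (e.g. a Contributor
// submitting a post for review) controls it, so the injected markup executes
// for whichever higher-privileged user previews or views the post.
function example_gist_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'id' => '' ), $atts, 'gist' );
    return '<div class="gist" data-gist-id="' . $atts['id'] . '"></div>';
}

// Hardened form: validate against an allow-list first, then escape for the
// attribute context when rendering. A GitHub gist id is a hexadecimal string
// (assumption for this example), so anything else is rejected outright
// instead of being "cleaned up" and echoed back.
function example_gist_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'id' => '' ), $atts, 'gist' );
    $id   = sanitize_text_field( $atts['id'] );

    if ( ! preg_match( '/^[0-9a-f]+$/i', $id ) ) {
        // Refuse to render rather than emit a malformed value into the page.
        return '';
    }

    // esc_attr() is the WordPress escaper for HTML attribute values.
    return sprintf( '<div class="gist" data-gist-id="%s"></div>', esc_attr( $id ) );
}

// Register only the hardened handler; the vulnerable one is kept for comparison.
add_shortcode( 'gist', 'example_gist_shortcode_hardened' );
```

The two defences are independent: validation limits the value to the shape the feature actually needs, and output escaping guarantees that whatever survives validation cannot break out of the attribute. Dropping either one reopens the class of issue this advisory describes.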
ADDITIONAL DETAILS – The vendor triaged the vulnerability with the explicit fix listed here:
https://github.com/bradyvercher/gistpress/commit/e3f260edb6673227b0471c74b7ab13c094411ef7
GistPress was then updated to version 3.0.2, which addresses the vulnerability as per this release:
https://github.com/bradyvercher/gistpress/releases/tag/v3.0.2
ADVICE – Pentest recommend updating GistPress to 3.0.2 to address the vulnerability. This plugin is not available from wordpress.org, meaning that the update process requires manually downloading the most recent release and configuring it.
DISCLOSURE TIMELINE:
16/01/2020 Disclosure to vendor
16/01/2020 Vendor acknowledged vulnerability
16/01/2020 Fix released
CREDIT – Paul Ritchie, Sam Thomas