
CVE-2020-8498

CVE ID – CVE-2020-8498

CVSS SCORE – 5.8 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C)

AFFECTED VENDORS – GistPress

AFFECTED PRODUCTS – GistPress WordPress Plugin

VULNERABILITY DETAILS – XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).

ADDITIONAL DETAILS – The vendor triaged the vulnerability with the explicit fix listed here:
https://github.com/bradyvercher/gistpress/commit/e3f260edb6673227b0471c74b7ab13c094411ef7

GistPress was then updated to version 3.0.2, which addresses the vulnerability as per this release:
https://github.com/bradyvercher/gistpress/releases/tag/v3.0.2

ADVICE – Pentest recommend updating GistPress to 3.0.2 to address the vulnerability. This plugin is not available from wordpress.org, meaning that the update process requires manually downloading the most recent release and configuring it.
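Because the plugin is updated by hand, installed copies can be audited against the fixed release. The script below is an added example, not part of the original advisory or the GistPress project; it assumes the plugin's main file is named gistpress.php and carries a standard WordPress "Version:" header, and that sites live under a common root directory passed as the first argument.

```shell
#!/bin/sh
# Added example: flag GistPress copies older than the fixed release (3.0.2).
# Assumption: the main plugin file is gistpress.php with a "Version:" header.
FIXED="3.0.2"

# Print the first "Version:" value found in a plugin header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" | head -n 1
}

# Succeed when dotted version $1 is strictly older than $2 (numeric compare).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Walk a directory tree and print one line per GistPress copy found:
#   VULNERABLE <version> <path> | OK <version> <path> | UNKNOWN - <path>
scan_gistpress() {
    find "$1" -type f -path '*/wp-content/plugins/*/gistpress.php' 2>/dev/null |
    while IFS= read -r main; do
        ver=$(plugin_version "$main")
        if [ -z "$ver" ]; then
            echo "UNKNOWN - $main"          # header missing: inspect by hand
        elif version_lt "$ver" "$FIXED"; then
            echo "VULNERABLE $ver $main"    # predates the 3.0.2 fix
        else
            echo "OK $ver $main"
        fi
    done
}

# Usage: sh audit-gistpress.sh /var/www   (exit status 1 if any copy needs updating)
if [ "$#" -gt 0 ]; then
    report=$(scan_gistpress "$1")
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^VULNERABLE '; then exit 1; fi
fi
```

An UNKNOWN result means the version header could not be read, so that copy should be checked manually rather than assumed to be patched.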

DISCLOSURE TIMELINE:
16/01/2020 Disclosure to vendor
16/01/2020 Vendor acknowledged vulnerability
16/01/2020 Fix released

CREDIT – Paul Ritchie, Sam Thomas