Wordpress Mortgage Calculators WP <= 1.52 - Admin+ Stored XSS
Sometimes, I really would like to review open source projects to discover new vulnerabilities. Because of some obstacles, I always postpone that intention to an appropriate time. Until today! The day is the day of read, the day is the day of work and the day is the day of hack!
Today, I have decided to review a few Wordpress plugins, and chose Mortgage Calculators WP. There was an input space to set background color of the calculator. The value of that input, was being reflected to web page of the calculator, without any sanitisation. This situation can lead to a XSS vulnerability. Therefore I tried to exploit the vulnerability, and successfully run a XSS payload.
More importantly! I have requested my very first CVE with this issue. My submission has been verified by WPScan, and CVE-2021-24904 has been reserved for it.
The details of the discovery are given below. There will be much more reviews and researches, stay close!