[Backdated Post] Date of finding: 30/09/2020. Actual date of publication: 25/10/2020.
In this post I will describe a (small) vulnerability I discovered when testing the security of a platform for a non-profit.
The platform in question was Budyboss. Budyboss is an all-in-one plugin for WordPress to ‘Sell memberships, courses, and build online communities’. In essence, Budyboss is a collection of plugins with a high degree of interoperability.
They pride themselves on their security, so I wasn’t expecting to find much. The fact that I was only able to find a reflected XSS vulnerability in the few hours that I poked around assures me their pride is at least somewhat justified.
<script src=http://xss.rocks/xss.js? >
It is not a stored XSS vulnerability: the description is properly sanitized before it is stored in the database, so after refreshing the page only the sanitized description is shown. All other visitors likewise only ever see the sanitized version of the description, which greatly limits the impact of this vulnerability.
Sanitizing the description before displaying it to the user remediates this vulnerability, as shown in the applied fix.
This fix was part of the 1.5.3 Budyboss release.
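The following is an added illustration (not the plugin's own code) of the pattern described above: the store-side sanitizer cleans what goes into the database, but the response to the update request echoes the raw parameter, which is what makes it reflected rather than stored XSS. The handler names, the tag-stripping sanitizer and the in-memory "database" are constructed for this example; the payload is the one quoted in the post.

```python
import html
import re
from dataclasses import dataclass

# Payload quoted in the write-up, reused here as the constructed test input.
PAYLOAD = "<script src=http://xss.rocks/xss.js? >"

# Stand-in for the plugin's store-side sanitizer (assumption: it strips tags).
_TAG_RE = re.compile(r"<[^>]*>")


def sanitize_for_storage(value: str) -> str:
    """Remove every tag before the value is persisted."""
    return _TAG_RE.sub("", value).strip()


@dataclass
class FakeDb:
    """Constructed in-memory replacement for the profile table."""
    description: str = ""


def handle_update_vulnerable(db: FakeDb, submitted: str) -> str:
    """Vulnerable flow: the DB copy is sanitized, but the confirmation page
    echoes the raw request parameter, so the script runs once for the submitter."""
    db.description = sanitize_for_storage(submitted)
    return f"<p class='desc'>{submitted}</p>"


def handle_update_fixed(db: FakeDb, submitted: str) -> str:
    """Fixed flow: the value is HTML-encoded on output before being echoed."""
    db.description = sanitize_for_storage(submitted)
    return f"<p class='desc'>{html.escape(submitted)}</p>"


def render_profile(db: FakeDb) -> str:
    """What a refresh and every other visitor sees: the stored, sanitized
    value, output-encoded again as defence in depth."""
    return f"<p class='desc'>{html.escape(db.description)}</p>"


def contains_script_tag(page: str) -> bool:
    """Simple check used to compare the two flows: is an unencoded <script present?"""
    return "<script" in page.lower()
```

Running `handle_update_vulnerable` and `render_profile` side by side shows why a refresh "cures" the page: only the immediate response carries the unencoded tag.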