Wp Plugin Giveasap

Plugin Details

Plugin Name: wp-plugin : giveasap
Effected Version : 2.35.0 (and most probably lower version's if any)
Vulnerability : Cross-Site Scripting (XSS)
Minimum Level of Access Required : Unauthenticated
CVE Number : CVE-2021-24298
Identified by : Shreya Pohekar
WPScan Reference URL

Disclosure Timeline

Technical Details

When the unauthenticated user enters his email address to enter the giveaway, he gets a share link. The get parameter share (in the generated link) is not sanitised, validated or escaped thus leading to reflected XSS.

Vulnerable Code: giveasap-template-functions.php#L355

357	 <?php if ( $giveasap_front->shareID != 0 ) { ?>
358      <input type="hidden" name="user_share" value="<?php echo $giveasap_front->shareID; ?>"/>

Fixed Code:


PoC Screenshot

PoC Screenshot