XSS in WP plugin Chamber Dashboard Business Directory

Issue Description

XSS in WordPress plugin Chamber Dashboard Business Directory.

Problem

User entered input which contains HTML/JS is not properly encoded on output, resulting in XSS.

Affected versions

Tested on version 3.2.8 (latest)

Details

Enter payload into affected field (phone field in this example) and update company profile.

In WordPress admin choose Businesses -> All Businesses and entered payload is executed :)

Previous example was around phone field, because this is displayed in directory listing and therefore can be used as attack vector with less clicks requried from admin.

Other vulnerable fields include:

• Country
• State
• Social media url
• E-mail
• City
• Zip
• Address
• Location
• Hours

CVE-2020-24699 was issued

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-24699