WordPress Mortgage Calculators WP 1.52 Cross Site Scripting

2022.01.27
Credit: Ceylan Bozogullarindan
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2021-24904
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: WordPress Plugin Mortgage Calculators WP 1.52 - Stored Cross-Site Scripting (XSS) (Authenticated) # Date: 25-10-2021 # Exploit Author: Ceylan Bozogullarindan # Vendor Homepage: https://lenderd.com/ # Software Link: https://mortgagecalculatorsplugin.com/ # Version: 1.52 # Tested on: Linux # CVE : CVE-2021-24904 (https://wpscan.com/vulnerability/7b80f89b-e724-41c5-aa03-21d1eef50f21) # Description: The plugin gives users real-time estimates by providing mortgage calculators. It does not implement any sanitisation on the color value of the background of a calculator in admin panel, which could lead to authenticated Stored Cross-Site Scripting issues. An attacker can execute malicious javascript codes for all visitors of a page containing the calculator. # Steps To Reproduce: 1. Go to settings page available under the "Calculator" menu item. 2. Click the "Select Color" button and type the following payload the input space: `hacked</style></head><script>alert(1)</script>` 3. Click the "Save Changes" button to save settings. 4. Create a new page and add the shortcode ([mcwp type="cv"]) of the calculator, for testing. 5. Visit the page to trigger XSS.


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top